Why we need to focus on mobile device security [Q&A]

When getting a new smartphone, most people focus on features and pricing, while security tends to be overlooked. But as we access the internet more using mobile devices, protecting users' personal information, transactions, and digital identities is vital.

We talked to Tom Tovar, CEO of Appdome, to discuss why mobile security should be at the forefront of consumer and media conversations and why it's currently being neglected.

BN: Why do we neglect mobile security or take it for granted?

TT: Many consumers assume that mobile apps and devices are inherently secure. However, this assumption is misplaced. We see upwards of 10m mobile threats and attacks per day, including a dramatic rise in Android banking malware, social engineering, and account takeover attempts. According to Appdome's 2024 USA Consumer Expectations of Mobile App Security Survey, 27.1 percent of consumers believe that mobile app developers don't care about security -- a staggering 337 percent increase since 2021. This perception reveals a disconnect between consumer expectations and the actions of mobile brands. As mobile apps dominate daily activities -- from work to banking to healthcare to shopping -- the stakes for protecting data, privacy, and identity have never been higher. Yet, the sophistication of threats like AI-enhanced phishing, malware, deepfakes and fraud often exceeds what consumers and even mobile app developers anticipate. Mobile security is no longer optional; it's a fundamental requirement that should match the pace of innovation in mobile app features and usability.

BN: What are the main concerns around mobile security?

TT: The consumer survey highlights that fraud and hacking remain top concerns for 60.6 percent and 52.4 percent of consumers, respectively. These fears are justified given the evolution of threats such as social engineering scams, including phishing, smishing (SMS phishing), and vishing (voice phishing), which leverage AI and deepfakes to deceive mobile users more effectively. In fact, 38.4 percent of consumer survey respondents reported firsthand or secondhand experiences with mobile cyberattacks, fraud, or malware. Mobile threats like data breaches, location spoofing, impersonation, and account takeovers add layers of risk. Compounding these issues is the growing skepticism among consumers about developers' commitment to security as noted previously. Mobile brands and developers must address these concerns by embedding robust protections into mobile apps, ensuring continuous coverage, and earning consumer trust through proactive measures rather than reactive responses.

BN: Where does the balance of responsibility lie between hardware, OS, and apps?

TT: Each layer of the mobile ecosystem plays a critical role in security. Device manufacturers and OS providers like Apple and Google offer foundational protections, such as secure boot and app sandboxing. However, the survey reveals that 68.5 percent of consumers hold mobile app makers primarily responsible for protecting the mobile experience. This expectation stems from the mobile app's direct handling of sensitive data and transactions, which mobile consumers have consistently emphasized as extremely important and worthy of the highest forms of protection. But given the inadequate state of mobile app protection in many of the mobile apps they use on a daily basis, consumers no longer believe that mobile brands and developers share the same sense of urgency about comprehensive mobile app protection. Developers need to go beyond relying on platform-level defenses to implement application-specific protections. These include anti-fraud measures, malware prevention, anti-tampering and secure data storage and transmission to name a few. By prioritizing security throughout the mobile app lifecycle, from design to deployment, mobile app developers can align with consumer expectations and reduce the risk of fraud and breaches.

BN: How can developers refine their approach to mobile app security?

TT: Our 2024 consumer survey highlights a clear demand for proactive app protections, with 99 percent expecting preemptive fraud prevention and 83.5 percent favoring proactive over reactive measures. Foundational protections like encryption, code obfuscation, RASP, and jailbreak/root prevention no longer suffice against today's evolving fraud, bot, and cyber threats. Brands must adopt continuous protections, including anti-fraud measures, defenses against AI-driven tools and hacking frameworks like Magisk and Frida, safeguards against FaceID bypass, and anti-malware to protect from overlay attacks, accessibility exploits, memory attacks, and social engineering scams. Geo-fraud defenses are also crucial for protecting location-based services. By leveraging real-time attack telemetry and threat intelligence, developers can dynamically identify and respond to new threats, ensuring resilience against advanced attacks. To stay ahead, mobile brands must integrate security seamlessly into CI/CD pipelines, automating protections in every build and release. This proactive, holistic approach enables brands to deliver trusted, secure mobile experiences, keeping users safe while meeting rising security expectations.

BN: What steps can smartphone users take to protect themselves?

TT: While mobile brands and developers bear primary responsibility, mobile users can reduce risks by downloading apps only from brands they know from trusted sources like Apple and Google app stores, avoiding jailbreaking/rooting, and keeping apps and operating systems updated with the latest security patches. However, our survey reveals that modern threats, including AI-driven fraud, phishing and deepfakes, often outpace user efforts. This reinforces the need for mobile brands and developers to implement robust, built-in security measures that don't rely on user actions. The survey also highlights a clear incentive: 98 percent of consumers say they reward security-conscious mobile brands with social media likes, positive app store reviews, and word-of-mouth recommendations. Prioritizing mobile security not only protects users and brands but also builds customer loyalty, strengthens brand trust, and drives business growth. By delivering continuous built-in protections, mobile developers can safeguard users and turn security into a competitive advantage.

Image credit: Sasinparaksa/Dreamstime.com
