U.S. Mobile App Users Face Heightened Security Risks New Nationwide Survey Reports

SAN FRANCISCO, April 06, 2017 -- Poor security awareness and an insatiable demand for mobile apps are placing U.S. consumers’ identities and devices at risk. A new nationwide survey commissioned by RiskIQ of 1,000 people across the country¹ reveals over one third (36 percent) of respondents do not consider an app’s details while nearly half (47 percent) never or only occasionally review the privacy policy and permissions requested by the app before downloading. Such a carefree approach to mobile apps is leaving U.S. consumers vulnerable to cyber criminals seeking to infect the mobile devices and steal information from unsuspecting victims.

In 2015, 45 percent of all transactions originated from the mobile channel while 61 percent of fraud attempts were made from a mobile device.² Despite the prevalence of malvertising as an attack vector, RiskIQ’s survey found that 66 percent of respondents have clicked on an advertisement promoting a mobile app, movie or game. This is followed by nearly two-thirds (60 percent) who have clicked on a link in an email, website or social media feed to download an app, movie or game. Consumers’ propensity to click through without thoroughly inspecting details such as the developer, last version update and any reviews, increases their risk of downloading counterfeit or malicious apps. Alarmingly, on more than one occasion, over one quarter (28 percent) have mistakenly installed an app in the belief that it originated from a trusted source, later to find out this was not the case.

Scott Gordon, chief marketing officer at RiskIQ said, “Not a day goes by without the news of yet another cyber attack or the emergence of a new threat vector. Unlike businesses that have become increasingly cyber security savvy, many consumers remain vulnerable in an ever sophisticated threat landscape. With the volume of personal information being requested and shared through mobile applications, it is time for consumers to improve their online behavior and step up security awareness.”

Generational and gender differences in mobile app and security behaviors are also apparent:

Generational differences – Millennials more vulnerable

• Millennials are guilty of clicking before thinking, 37 percent have mistakenly installed an app they believed was from a trusted brand. In comparison, only 11 percent of seniors (60+) done so.
• 29 percent of millennials and Gen Xers have jailbroken their phones, citing the freedom to download and install what they want as the biggest factor (68 percent). Almost none of the seniors had done so, while 7 percent of baby boomers have.
• Four out of five millennials (81 percent) have clicked on an ad on their mobile promoting a mobile app, movie or game compared to 76 percent of Gen Xers, 54 percent of baby boomers and 32 percent of seniors.
• Over half of millennials and Gen Xers considered security when buying a new phone (56 percent) compared to 44 percent of baby boomers and 38 percent of seniors.

Women at greater risk

• A sixth of women (16 percent) never read a mobile app’s data and privacy policy or reviewed permissions requested compared to 9 percent of men.
• Women are less likely to install additional security software on their mobile phones (46 percent) compared to more than half of male respondents (62 percent).
• Women (41 percent) are less likely to consider security features when buying a new phone versus 64 percent of men.

“The vastness of the app store ecosystem provides the perfect place for malicious actors to hide, luring consumers into believing their apps are official or their brand affiliation is legitimate. With 4.6 percent of all apps in RiskIQ’s database blacklisted³, consumers need to be educated about safe app and security behavior and put these measures into practice. Otherwise, there is a real risk of them falling victim to cybercrime,” said Gordon.

Click here to download the new report: Appsession: Is our Appetite for Mobile Apps Putting us at Risk?

About RiskIQ

RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 80 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social, and mobile exposures. Trusted by thousands of security analysts, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk, and take action to protect business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners, and MassMutual Ventures. Visit RiskIQ.com or follow us on Twitter.

Try RiskIQ Community Edition for free by visiting https://www.riskiq.com/community/

_____________________________

¹ The Mobile Apps survey, conducted by Ginger Comms on behalf of RiskIQ in March 2017, sourced answers from 1,016 nationally representative US and UK adults aged 18 and above.
² RSA, 2016: Current State of Cybercrime
³ RiskIQ blacklist data as of April 2017

Media Relations
Kari Walker
Ogilvy Public Relations
[email protected]
703.928.9996