ARCHIVES: This is legacy content from before Marketing Dive acquired Mobile Marketer in early 2017. Some information, such as publication dates, may not have migrated over. Check out the new Marketing Dive site for the latest marketing news.

Hacking incidents add to mounting challenges for app developers

A reported surge in hacking incidents on mobile applications adds to the challenges facing developers, who already are confronting a growing app development backlog problem.

Arxan Technologies? third annual report on the state of mobile app security found an across-the-board lack of mobile application self-protection but particularly for mobile financial, retail/merchant and healthcare/medical apps. Coming on top of a report showing that a backlog problem is damaging revenue opportunities in the enterprise, the surge in hacking raises the question of how marketers will be able to build in security when the process will put them even more behind.

?In some cases, the intended mobile marketing ads are being removed from the apps and in other cases, the ads are being replaced with other ads, without the owner of the application knowing,? said Patrick Kehoe, chief marketing officer with Arxan, a provider of application protection and anti-tampering systems in Bethesda, MD.

?I anticipate the mobile marketers will increasingly require that the apps they advertise on are protected to ensure that their objectives are fulfilled.? 

Soaring usage 
Arxan?s report found that 97 percent of the top 100 paid Android apps and 87 percent of the top 100 paid Apple iOS apps have been hacked. 

In addition to the increase in app hacks found for commonly downloaded popular free apps, the investigation also revealed widespread hacking of financial services, healthcare/medical, and retail/merchant apps, largely driven by hacks of Android apps. 

Hackers' attacks on apps are growing.

The study?s findings were based on analysis of 360 apps, including 100 top paid and 20 popular free apps, as well as 40 apps in the financial services, retail/merchant, and healthcare/medical categories. 

The findings come as free app downloads are expected to skyrocket 99 percent to 253 billion by 2017 while paid app downloads jump 33 percent to 15 billion. 

In October, a report, Mobile App Backlog is Directly Damaging Revenue in the Enterprise, said that 85 percent of companies have a mobile backlog of between one and 20 apps, while 50 percent have a backlog of between 10 and 20 apps. 

That report attributed the backlog partly to a lack of mobile developer talent, with only 6 percent of enterprises reporting they have the necessary staff. 

The Arxan study?s findings highlight how mobile application self-protection has not been a priority for developers, with most attention being given to protecting devices and networks.  

?Experience has shown that these are very difficult to safeguard and so focusing on protecting the application and the data that it transmits is becoming an increasing popular approach ? and something recommended by more and more security analysts,? Mr. Kehoe said. 

The app-usage explosion traverses all verticals, led by Android-supported apps. While the finding of a high number of Android hacked apps is in line with prior years? results, the iOS percentage represents a sharp increase over 2013, when 56 percent of iOS apps were found to be hacked.

By sector, mobile financial apps of both Android and iOS are at risk. Ninety-five percent of Android financial apps reviewed were cracked while 70 percent of iOS financial apps were hacked. 

App development is backlogged.

These numbers represent an increase in both cases, with Android?s growing about 80 percent. 

Among retail/merchant apps, 90 percent of Android apps and 35 percent of iOS apps were compromised.

Hackers are targeting growth in business-to-consumer retail apps, as stores launch mobile payment/wallet services, and in business-to-business merchant point-of-sale apps. In both cases, sensitive data, Internet Protocol and financial transactions are at risk. 

In healthcare/medical, 90 percent of Android healthcare/medical apps were hacked, including 22 percent that were FDA-approved. 

?The demand for mobile apps by consumers is enormous and organizations are finding competitive advantage based on how they are leveraging mobile innovations to transform their business models and revolutionize their user experience,? Mr. Kehoe said. 

?So, I expect that mobile app development and usage will continue to expand. However, developers of apps will need to take longer to deploy them, invest more in security protections, and market the integrity of their apps.? 

Arxan recommends that applications with high-risk profiles running on any mobile platform should be made tamper-resistant and capable of defending themselves and detecting threats at runtime. It also urges applications be developed to maintain the confidentiality of the application/code. 

As well, organizations should consider mobile app assessments to determine if existing apps are exposed to risks that are unique to mobile environments, Arxan recommends. 

A spate of recent security breaches have pushed app security into the spotlight and raised concerns around mobile?s use in sensitive areas. 

In July, Visa bolstered tokenization to calm security concerns around mobile payments. In October 2013, Visa, MasterCard and American Express introduced a new standard for digital payments to enhance the security and simplify the consumer purchasing experience when shopping on a mobile phone, tablet, personal computer or other smart device. 

Mobile payments 
Security is one of the main reasons for a low mobile payments usage rate, according to a study from Thrive Analytics. The findings echoed a PayPal survey, which found consumers continue to resist mobile payments as concerns over data security loom large in ecommerce transactions. 

?The good news is that there are solutions in the market today that can be leveraged to address the recommendations,? Mr. Kehoe said. ?Steps can be made to protect the confidentiality of apps as well as the integrity of apps. 

?Many organizations have implemented these recommendations effectively already today.? 

Final Take 
Michael Barris is staff reporter on Mobile Marketer, New York.