Blacklisted Apps in Global App Stores Drop 40%, But Trojan and Adware Download Risks Remain Strong, RiskIQ Q2 2017 Mobile Threat Landscape Report Finds
Secondary store AndroidAPKDescargar, Google Play-blacklisted apps and ‘feral’ apps named top three sources for malicious downloads
London, UK – Sept. 14, 2017 – Mobile apps are still the “Wild West” of online security, finds digital threat management leader RiskIQ in its latest mobile threat landscape report. In its recent Q2 2017 analysis of 120 mobile app stores and more than 2 billion daily scanned resources, RiskIQ re-confirmed that most app stores fail to adequately protect their users from malicious and fraudulent app downloads.
While malicious downloads drop, trojans and adware are top threats
The bright spot in mobile security is that blacklisted app downloads fell 40 percent in Q2 2017 compared with the results from research conducted in Q1 2017. This improvement is likely due to increased awareness by consumers and increased policing by app marketplaces to identify malevolent or suspicious apps. Meanwhile, trojans and adware remain the top app threats in Q2 2017, and RiskIQ predicts that malicious actors will likely migrate to secondary stores as global app players, such as Google and Apple, become more vigilant in removing dangerous software.
Major marketplaces still host majority of blacklisted apps
Google Play jumped a spot to the No. 2 source for blacklisted apps in Q2, but a secondary store, AndroidAPKDescargar, was the leader for the second-straight quarter. The third-leading source of Q2 blacklisted apps was “feral apps,” or direct downloads from the internet, the hazards of which consumers have not yet learned to avoid. Rounding out the leaders in blacklisted apps were Baidu, AppChina, and AppLenovo.
“Mobile app security continues to be a challenge, even for the biggest brand names,” said Mike Wyatt, Director of Product Operations at RiskIQ. “The size, complexity, and dynamic nature of the global app store ecosystem mean that app developers and marketplace providers can never protect all users from cybercrime. However, they can do more to protect their customers including version control, monitoring for abuse, employing verification techniques, and offering education.”
For specific metrics or to learn more, download the RiskIQ Mobile Threat Landscape Q2 2017 Report at https://www.riskiq.com/research/q2-2017-mobile-threat-landscape/.