COVID-19 Makes Mobile App Security More Important Than Ever

The global COVID-19 pandemic has hit brick-and-mortar stores hard. For months, most retail stores were unable to open. As states begin to loosen their stay-at-home orders, many retail locations have been able to reopen. But for retail, it’s a whole new world. States are limiting the number of customers allowed inside, and many consumers are still too concerned for their safety to resume their normal shopping habits. Increasingly, shoppers are relying on the internet to buy all kinds of items, whether it’s to order for delivery or to set up curbside pickup.

To survive, retailers large and small must have a digital business model, and mobile apps are playing a critical role. U.S. consumers spend an average of 58 percent more time consuming media on their smartphones than they do on desktop and laptop devices. Increasingly, a company's mobile presence is just as important and, in many cases, even more important than their physical presence.

As a result, retailers face serious new challenges:

• The need to develop more mobile apps at an even faster pace: The digital space was already crowded, making it difficult to stand out. Its heightened importance during the pandemic has accentuated the need to get new and updated apps in the hands of customers faster in order to beat the competition.
• Accommodating a wave of new users: A flood of new users who, previously, only used apps for entertainment now depend on them to purchase nearly everything. These formerly casual mobile app users are more vulnerable to security scams and are more likely to grant permissions to apps when they ask for them, making them easy prey for trojans and other malware.
• Increased traffic exposes weaknesses: Just as Zoom saw its app’s flaws magnified under the pressure of millions of new users overnight, app makers will see the same happen to them, though on a smaller scale.

Unfortunately, the increased pressure to turn out new and updated apps more rapidly likely means security will be an afterthought, at best. According to the Verizon Mobile Security Index 2020, even before the pandemic hit, 43 percent of app developers said they had cut corners on security to “get the job done.” Mobile app security specialists are in short supply, and manually coding security into apps lengthens the development schedule.

It’s definitely true that consumers don’t usually consider security features when choosing an app. They're far more concerned with ease of use, functionality and the overall app experience. However, poor app security will eventually harm the companies that issue apps. Cybercriminals recognize that apps are vulnerable and that they're rich sources of account data, passwords and other information they can misuse or sell. Moreover, criminal hacker organizations operate a lot like nimble startups. Hackers look for vulnerabilities, create malware to take advantage of them, and then continually improve that malware with rapid new releases. Companies with apps that acquire a reputation as dangerous and insecure won't fare well in the marketplace.

For proof of the threat, one need only look to April 2020, when the EventBot malware for Android appeared. This malware looks and feels like a popular app, such as Adobe Flash or Microsoft Word, but once installed it searches for vulnerable data in banking and other financial apps. The malware can even intercept two-factor authentication codes to access and take over accounts.

The threat to retail apps is dual. First, hackers may choose to use popular retail apps as their trojan and hide malware to these apps. Second, malware like EventBot can be easily changed to focus on retail apps and steal usernames and passwords or attempt account takeovers. To protect themselves, retail brands must shield their apps from tampering, reverse engineering and repackaging.

In addition, they need to encrypt all valuable account information, obfuscate their code base, and protect their apps against hacking and other malicious activity. Thankfully, however, there are alternatives to manually coding security into an app. Software development kits (SDKs) exist that can be incorporated into apps to secure them, and no-code platforms can embed security into a binary in just a matter of minutes. Therefore, as mobile apps become a central pillar for retail businesses, it’s worth taking security seriously to protect both consumers and the long-term health of your brand.

Tom Tovar is the CEO of Appdome, a unique, patented mobile security and solution platform that enables developers and enterprise IT and DevSecOps teams (developers and nondevelopers) to point, click and integrate mobile security and third-party SDKs to existing mobile apps in seconds — no code or coding required.