Security Threats to Apps Operating Outside the Firewall: Insights from the 2024 Application Security Threat Report

Introduction

Today, apps are the heartbeat of our daily lives. With nearly 2 million apps on the Apple Store and almost 3 million on Google Play, the variety and number of applications are staggering. In 2023 alone, users downloaded a mind-boggling 148.2 billion mobile, desktop, and web apps. Every day, thousands of new apps are added to the mix, catering to our every need and desire, from banking to gaming to healthcare.

But with great popularity comes great risk. Most of these apps operate outside the confines of corporate firewalls, making them targets for cybercriminals. The cybersecurity landscape continues to evolve, with over a billion malware programs in existence and 560,000 new pieces detected daily. Despite this, much of the focus remains on threats within corporate firewalls, leaving app users and developers in the dark about the risks to apps in the wild.

The State of App Security in 2024

Our recent Application Security Threat Report sheds light on the evolving threats to apps in 2024. By analyzing anonymized global customer data collected over a four-week period in February 2024, we have quantified the risks and identified key trends. If you’re wondering how at risk your app is, consider this: In 2023, 57% of apps faced an attack within a four-week period. This year, that figure has increased to 65%.

Why the Increase?

Several factors contribute to the rising threat levels:

• Tool Democratization: Cybercriminals now have easier access to sophisticated tools like Ghidra for reverse engineering and Frida for dynamic instrumentation. These tools simplify the process of inspecting applications and creating malware.
• Cryptocurrency Resurgence: Cryptocurrencies are making a comeback, providing an easy way for cybercriminals to monetize their attacks, especially through ransomware.
• State-Sponsored Attacks: The involvement of state resources in cyberattacks provides threat actors with immense capabilities.
• Jailbreaking: Despite Apple’s efforts, hackers continue to find ways to jailbreak iOS, opening up vulnerabilities.
• AI/ML Surge: The use of AI and machine learning is boosting productivity for both developers and cybercriminals. AI helps create more apps faster, increasing the attack surface while enabling cybercriminals to analyze app code more quickly and develop and deploy malware more efficiently.

AI: A Double-Edged Sword

AI is transforming the tech world, offering benefits but also posing new risks. A McKinsey study found that generative AI can increase development speed by 10-30%. This means faster creation, testing, and deployment of both apps and malware.

Threat actors are leveraging AI to:

• Analyze Decompiled Code: AI tools help them find threat actors and exploit paths to back-end servers more quickly.
• More Attacks to More Apps in Less Time: AI-driven automation tools like ChatGPT4 help threat actors write malware to insert into apps faster than ever.

Industry-Specific Risks

Different industries face unique threats:

• Gaming Apps: Unsurprisingly, gaming apps are highly targeted. The sale of game cheats, theft of credit card information from in-game purchases, and money laundering within complex in-game economies make them lucrative for cybercriminals.
• Financial Services (FinServ) Apps: While directly tied to money, these apps are also heavily targeted. However, the threat gap between gaming and FinServ apps has widened, partly due to the rapid growth of the gaming industry.
• Healthcare and Automotive Apps: From medical devices interfacing with phone apps to Bluetooth-connected car apps, these industries face significant risks to apps and devices that are used daily.

iOS vs. Android: Dispelling the Safety Myth

The Android and iOS platforms are open to varying degrees, and both platforms are susceptible to multiple threats. Both platforms saw increasing attack rates in 2024, with Android continuing to suffer from a greater percentage of attacks. While both platforms saw more environmental attacks, iOS apps saw a sharp rise in jailbreaks.

Specialized Attacks on the Rise

Specialized attacks, which compromise an application’s integrity, have surged dramatically:

• Android: Attack likelihood rose from 34% in 2023 to 84% in 2024.
• iOS: Attack likelihood increased from 17% in 2023 to 29% in 2024.

Popularity vs. Risk

Our data reveals a weak correlation between an app’s popularity and its likelihood of being targeted by attackers.

This finding, consistent with what we found in our report last year, continues to surprise us. Our intuition tells us that the LOLZ, the glory, and the financial incentive come from attacking well-known apps. But we continue to see a weak correlation, leaving us to conclude that attackers may have different motivations altogether:

1. Lower-Hanging Fruit: Attackers might assume that the popular apps are well protected and thus don’t waste their time trying to crack them. Instead, they may focus their efforts on less popular apps to potentially exploit security weaknesses more easily, making these apps the proverbial “lower-hanging fruit.”
2. Utility Over Glory: Some attackers may be motivated by utility and personal convenience. For instance, they might hack a medical device app with a relatively small user base of, say, 10,000 individuals. Not to make money off of the crack but to repurpose the app for their own convenience–for instance, to change the insulin readout on a diabetes monitor–perhaps not realizing that doing so puts them at risk of personal harm.

App developers should prioritize security based on the value of the data protected rather than the app’s popularity.

Protecting Your Apps in the Wild

As enterprises leverage AI to speed up app development, they must also prioritize security. Unfortunately, the pressure to deliver quickly often leads to security being overlooked. At Digital.ai, we help our customers protect over a billion app instances worldwide. Our research and insights aim to keep you informed and better prepared against emerging threats.

Staying ahead of threats requires continuous vigilance, informed strategies, and robust security measures. By understanding the risks and leveraging advanced security solutions, we can protect our apps and users in this dynamic environment. At a bare minimum, code used to compile apps built for use in the wild must be obfuscated. And the apps themselves need protections that detect the presence of unsafe environments and take evasive action when and if they are put in unsafe environments. Once their apps are obfuscated and equipped with anti-tamper measures, enterprises can monitor apps to see how they are attacked so that they can adjust obfuscations and anti-tamper measures to meet real-world attacks. The threat landscape will always evolve. What we do is monitor the evolution and adjust tactics to stay a step ahead.

 

For more information on how Digital.ai can help secure your apps, visit digital.ai/products/application-security/