How to Defend Against Mobile App Impersonation

Despite tight security measures by Google/Apple, cybercriminals still find ways to bypass fake app checks to plant malware on mobile devices. Dave Stewart, CEO of Approov, discusses technical approaches to defense against this.

Most users who install applications through legitimate channels such as the Google Play Store or the Apple Store do so with complete trust that their information is safe from malicious attacks. This makes sense, because they’re the official app stores for across the globe.

However, despite tight security measures by Google and Apple, cybercriminals still find ways to bypass these checks. They do this through app impersonation.

For instance, since Android lets users side-load and install apps downloaded from non-store sources, cyberattackers take advantage by creating clone apps that mimic legitimate ones. They then use the fake apps to collect data or credentials for malicious use.

An example was when India banned TikTok. A clone called TikTok Pro came up immediately with malicious intentions to steal data from users’ devices. Attackers also took advantage of COVID-19 fears to collect user data through fake tracking apps.

Cybercriminals are capitalizing on the remote-work trend as more companies allow employees to access business

Read More: https://threatpost.com/defend-app-impersonation/176519/