

Five Trends and Predictions in Mobile App Security for 2024
source link: https://itwire.com/business-it-news/security/five-trends-and-predictions-in-mobile-app-security-for-2024.html

Thursday, 14 December 2023 09:53
By Appdome
GUEST OPINION: As organisations complete their 2023 projects and look forward to a fresh year ahead, attention is turning to the key tech trends that will shape the world of mobile app security in 2024.
Below are five key trends and predictions for mobile app security which Appdome believes will further evolve in 2024.
- Geo Compliance will become critical as regulators will take a more active role.
In 2024, regulators will take a more active role in the mobile security landscape. In Asia for example, the shared responsibility framework by the Monetary Authority of Singapore and the Infocomm Media Development Authority holds banks, fintechs and telcos to a higher standard to prevent mobile fraud.
The Hong Kong Monetary Authority (HKMA) also adopted a stronger stance against scams by mandating that banks implement several new measures including enhanced monitoring for suspicious transactions and additional customer authentication. Similarly in the Philippines, the Bangko Sentral ng Pilipinas (BSP) released Circular 1140 aimed at protecting consumers from fraudulent schemes and establishing greater confidence in using digital payment methods.
The differing regulations and frameworks across the world create a complicated compliance process. As a result, geo-compliance will become critical for app makers who are looking to comply with the rules and regulations in force in every geography where their mobile apps are in use. Geo-Compliance has three elements:
(1) easily create different security models for different countries
(2) easily demonstrate to the regulators that the security in the mobile app complies with the country and industry specific regulations and
(3) actively prevent the use of a mobile app in certain geographies.
App makers will need to look for comprehensive mobile app defense solutions that can protect their consumers and mobile business against all different kinds of cyber threats, mobile fraud, and on-demand malware, both today and tomorrow.
- Compliance alone is not enough; Cyber Resilience is key.
In their effort to comply with regulations, we have seen app makers implement "check box" features. These are features that meet compliance standards but either have known vulnerabilities or can be easily bypassed or turned off (a widespread problem with SDK-based security solutions). App makers need to ensure that their mobile apps are fully cyber resilient and can stand up against modern malware and tools. Threat actors are ingenious and will always look for ways to outsmart cyber defense measures. Companies must similarly remain proactive in looking to protect users of their apps, and not rest on their laurels simply because they have achieved the bare minimum of compliance with regulations.
The distinction between compliance and resilience emphasises the need for comprehensive and adaptive mobile app defense strategies that keep up with the dynamic and ever-changing threat landscape.
- Evolving Threat Landscape: Generative AI Raises the Stakes for Mobile App Defense
In the past, cyber teams relied on the complexity of writing malware as a safeguard, allowing time to build robust protections. However, Generative AI is lowering the bar for malware creation, increasing the likelihood of widespread fraud and malware attacks. This advanced technology excels at crafting convincing phishing messages, causing a shift in mobile app security from basic measures to comprehensive defense against fraud and malware.
As such, mobile app defense solutions need to use AI and mobile app defense automation to help app makers protect their consumers and mobile business. AI should be used to benchmark the protections in the app against the threats common in their region and industry. Mobile app defense automation should be used to allow cyber security teams to upgrade the protections quickly and easily, directly in the existing DevOps workflows, before new threats and attacks can be launched at scale.
- In a DevSecOps 2.0 world, Cyber teams will (be forced to) adopt developer best practices and be responsible to build, test, release and monitor mobile app security.
The current mobile app release process is rife with conflicts between mobile dev teams and cyber teams. The dev teams have invested time and resources in automating the release process as much as possible. In fact, they are focused on increasing the agility and velocity of their releases as much as possible. Cyber teams, on the other hand, are seen as blockers to this agile process, especially when security findings are reported in the release meeting. This leads to dev teams escalating to management and requesting sign-offs on risk exceptions.
The traditional DevSecOps process aims to include automated security tests in the development and deployment pipeline with the intention to streamline the security review process using the pipeline.
The problem with this approach is that development teams often do not have the resources, skills, or knowledge to resolve pipeline findings and may assign a low priority to security, since functionality, look and feel, ease of use are the top drivers for them.
Using a DevSecOps 2.0 approach, app makers can use mobile application defense automation in the CI/CD pipeline to shift the burden and responsibility for delivering the needed protections from the development team to the cyber team. In this way the cybersecurity team can use the same developer best practices to build, test, release and monitor the protection model in the mobile apps on its own, as an equal and independent part of the DevSecOps process.
This allows app makers to maintain a rapid and agile release process for their mobile apps, while ensuring that their apps are fully protected and can easily be upgraded to protect against new threats and attacks. All without the dev team doing any extra work.
- Consumers demand better mobile app security and more communication and transparency from the app makers when attacks happen
In light of the “scamdemic” that has plagued consumers around the world, mobile consumers have been forced to learn about cyber security and as a result have become a lot more cyber savvy. Consumers are more aware of the dangers that are lurking on their mobile devices and are better able to protect themselves. While exercising vigilance against scams can go a long way, the ordinary consumer doesn’t have the capability to detect modern malware or fraud. In fact, Appdome’s 2023 Global Consumer Expectation of Mobile Security Applications Survey found that consumers believe it is the app maker’s responsibility to protect them, their data and their use from threats, fraud, and malware.
In 2024, consumers will demand better communication, more transparency and remediation steps when the app they use comes under attack. App makers need to be able to better explain why they are closing the app to protect the user against an attack. The one-size-fits-all, big-hammer-against-a-single-nail approach that is common in most mobile app security solutions creates bad experiences for users. App makers that create beautiful user experiences when bad things happen, both inside the UI of the app and via the customer support organisation, and clearly communicate why the app closed and the steps they take to start using the app again, will be rewarded with high advocacy, according to the Consumer Expectations on Mobile App Security survey.