In a world where companies across industries are often victims of cyber attacks, mobile consumers have jumped past ‘security awareness,’ and now require security and malware prevention to be an embedded feature in every Android and iOS app. App makers who do not provide such security measures will risk churn and cancel culture in their mobile business.
In a recent Appdome survey, How CISOs Can Meet Consumer Expectations of Mobile Security in 2021, 74 per cent of consumers said they would stop using a mobile app if their app was breached or hacked, while 73 per cent of all consumers said they would stop using a mobile app if it left them unprotected.
The survey queried a demographically diverse sample of more than 10,000 mobile consumers from multiple continents. The results offer CISOs key insights into which mobile app threats consumers fear most, which apps consumers expect will have the highest level of security, changes in consumer expectations for mobile app security as a result of COVID-19, and the rising strength of mobile app security expectations across every key demographic and geographic audience.
“Globally, consumer expectations of mobile app security are deeply held, complex and sophisticated,” said Tom Tovar, CEO and co-creator of Appdome. “The voice of the consumer flips the script on the ‘security vs. features’ debate, making clear that mobile app security and malware protection are on par with other critical features in the mobile app experience and demanded by every consumer that downloads and uses a mobile app.”
Today, security means data protection and malware prevention in mobile apps. Runtime application self-protection (RASP) is necessary but not sufficient to satisfy the security demands of mobile consumers. Fifty-five per cent of consumers say they would stop using an app if malware stole data stored within it.
As per the survey findings, consumers care most about app-level, on-device threats and dismiss network-cloud threats. Sixty-two per cent of consumers fear someone hacking their app, ranking it as the first mobile app threat, 56 per cent of consumers fear malware threats on their device, ranking it as the second mobile app threat, and 32 per cent of consumers fear network-cloud threats, ranking it as the seventh mobile app threat. Meanwhile, consumers rank threats like malware and hacking above credentials loss from backend breaches.
Mobile banking apps still set the standard, but expectations are on the rise. Security expectations in mobile apps with PII and transaction data are the same. Thirty-six per cent of consumers expect mobile banking apps to have the highest level of security, 33 per cent of consumers say that ‘all transaction apps’ should have the highest level of security, and 16 per cent of all consumers say that e-wallet and payment apps should have the highest level of security.
CISO Action Plan To Improve Mobile App Security
- Organisationally recognise that mobile consumers value security and malware prevention in the mobile apps they use and will abandon apps and ignite a cancel culture for poor security.
- Like any other feature of a mobile app, develop a target list of protections to be included in Android and iOS apps; define Minimum Viable Security Protection (MVSP) and layer additional protections release by release.
- Adopt a Rapid Mobile App Security (RMAS) solution to quickly and easily become DevSecOps and add security and malware prevention to each Android and iOS app, without impacting development resources, the dev and QA pipeline or release cycles of the mobile app.
- Leverage Security Release Management (SRM) and CI/CD integration to realise DevSecOps and to automate, audit and upgrade app protections build by build. SRM is a set of tools to package, test and validate security features, as well as inline certification of protections, release by release.
- Certify security and malware prevention and other protections added to Android and iOS apps with each build, without code scanning or pen testing, and demonstrate the evolution of the security model to match threats as they evolve, with no impact on dev resources or timing.