Microsoft Security

The mobile attack surface goes beyond major mobile app stores

April 19, 2022

App stores across the world contain apps targeting organizations and their customers

Each year, businesses invest more in mobile as the average consumer’s lifestyle becomes more mobile-centric. Americans now spend more time on mobile than watching live TV, and social distancing caused them to migrate more of their physical needs to mobile, such as shopping and education. App Annie shows that mobile spending grew to a staggering $170 billion in 2021, a year-over-year growth of 19 percent.[1][2]

This demand for mobile creates a massive proliferation of mobile apps. Users downloaded 218 billion apps in 2020. Meanwhile, RiskIQ noted a 33 percent overall growth in mobile apps available in 2020, with 23 appearing every minute.[2]

For organizations, these apps drive business outcomes. However, they can be a double-edged sword. The app landscape is a significant portion of an enterprise’s overall attack surface that exists beyond the firewall, where security teams often suffer from a critical lack of visibility. Threat actors have made a living taking advantage of this myopia to produce “rogue apps” that mimic well-known brands or otherwise purport to be something they’re not, purpose-built to fool customers into downloading them. Once an unsuspecting user downloads these malicious apps, threat actors can have their way, phishing for sensitive information or uploading malware to devices. RiskIQ blocklists a malicious mobile app every five minutes.

These rogue apps appear in official stores on rare occasions, even breaching the major app stores’ robust defenses. However, hundreds of less reputable app stores represent a murky mobile underworld outside of the relative safety of reputable stores. Apps in these stores are far less regulated than those in official app stores, and some stores are so overrun that malicious apps outnumber their safe offerings.



