I want to thank everyone for reading my 1st blog on Appdome’s COVID-19 Mobile Consumer Survey. That blog revealed critical mobile consumer data, from over 4000 respondents in the United States and globally: (1) consumers are using mobile apps more than ever in COVID-19, (2) consumer confidence in using mobile apps is at an all-time low, and (3) more than two-thirds of mobile app consumers feel very strongly that mobile app makers have a higher duty to protect mobile apps and users in COVID-19.
In this blog, I’ll cover the threats mobile consumers fear most. Understanding this voice of the consumer is the key to creating sustainable and lasting mobile businesses in the pandemic and beyond. We’ll uncover if consumers fear one type of threat more than others. We’ll also discover if mobile consumers will cut developers some slack based on the type of app or what kind of data is in the app. In other words, do consumers believe that protection against one type of threat or securing of one kind of app is more important than others?
Ok, let’s listen to the voice of the consumer and see what threats mobile consumers fear most.
Threats Mobile Consumers Fear Most — Emotion vs Sentiment
Several articles are already saying that new behaviors that emerge in COVID-19 are here to stay. We also know that short-lived emotions that arise in COVID-19 can form a part of a longer-term shift in consumer sentiment about anything, including mobile app use and mobile app security.
An emotion is an immediate response to a specific experience or event. Emotions trigger impulsive, flash actions or judgements. For example, in my first blog covering the COVID-19 Mobile Consumer Survey, I revealed a key consumer emotion in COVID-19 — namely that 80% of mobile consumers will abandon a mobile app if the app failed to protect their use or an actual breach occurred.
A sentiment is a belief that emerges and lasts over long periods of time. Sentiments derive from emotions, rooting themselves in the consuming public, especially when emotions are evoked with repetition. Because of COVID-19, consumer ‘emotion’ and ‘sentiment’ are one and the same, two sides of the same coin. So, developers and security professionals will do well to pay attention to the threats consumers fear most, now and long after COVID-19 subsides.
Does the App Type, Threat or Data Type Matter?
Perhaps the most critical question developers and security professionals ask is this: “Should we prioritize one set of mobile security features over another?” Specifically, can developers prioritize mobile app security projects:
- by app type — For example, do security requirements differ for mobile banking apps vs retail apps, vs healthcare apps, etc.?
- in-app or server-side — For example, is it more important to embed security inside the client app or lock down the backend?
- by data type — For example, is transactional data more important than personal user data when it comes to applying security measures?
Does the Mobile App Type Matter?
Should certain types of apps have higher levels of security than others? If you’re a developer or security professional, it’s a great question. You want to do the right thing, but you also want to make the right decision for the business.
To help our customers, we asked mobile consumers “Among mobile apps with in-app purchases or transactions, which app should have the highest level of security?” The app types presented included Banking Apps, Retail Apps, Travel Apps, Healthcare Apps, Mobile Games and Ride Sharing Apps.
Shockingly, the data was split at opposite ends of the spectrum — an equal number of respondents (43%) believe that all transactional apps should have the same level of security, compared to the same number (46%) of mobile consumers that believe mobile banking apps should have the highest level of security. In other words, if your app is intended as a transactional app, you should secure your app as if it was a mobile banking app.
What about apps that aren’t designed to be transactional apps, or apps that don’t emphasize transactions? That too is a good question, and we wanted to know as well. So, we asked mobile consumers “Among apps that store personal information, which app should have the highest level of security?” Keep in mind that these apps are not intended as transactional apps but, rather, store personal information of the user.
Overwhelmingly, 80% of mobile consumers responded that ALL apps should have the same level of security. Taken together, mobile app developers and security professionals would be wise to follow security best practices for all apps, regardless of the type of app being offered to the mobile consuming public. It does not matter (i.e., you get no break) if your mobile app is a food service or gig economy app and not a mobile banking app. If the app has transactional or personal data of the user, consumers expect all data and all apps to be protected, equally.
Does the Threat Type Matter?
This is an age-old debate among security professionals. If the backend is protected, why protect the client app, right? The answer is quite clear. Mobile consumers are aware of both approaches and care a great deal about the security of the apps they use. For example, we asked mobile consumers to “Select the Security Threats That Would Make You Stop Using a Mobile App.” More than 70% of mobile consumers consider malware the biggest mobile threat. This data would indicate that local threats, threats to the app placed in use by the consumer herself, are the highest concern to mobile consumers.
When we took this one step further and asked consumers “What Single Mobile App Threat Concerns You Most?”, a breach of the client mobile app topped the next highest category by 17%. More consumers surveyed responded that “A breach of the mobile app I use” concerned them most versus “A breach of the cloud database of all mobile users.”
The conclusion: consumers fear local, individual-app threats more than backend threats.
Does the Data Type Matter?
Most app makers have to comply with data protection laws, or other regulations for PCI, HIPAA and similar standards. Still, we do get asked “what consumer data should I protect?” This threshold question is always front and center in every mobile app security project. To help our customers, we wanted the consumer perspective. We asked mobile consumers “Among mobile apps you use, what part of your data do you expect to be protected the most?”
Consumers were given several choices. Among them were credit card data, personal data, usernames and passwords, profile and account information, and transactional data. It turned out that mobile consumers didn’t rank one type of data above the others. Overwhelmingly, nearly 60% of consumers expect ALL of their data to be protected at the same level.
Credit card data, at 22%, was the only category of data that stood out as needing protection in the eyes of mobile consumers. All other data received roughly equal weight among consumers.
Stepping back from the data, these answers make sense. Mobile consumers are the owners of the data and have the most to lose when breaches occur. They are well informed of their rights to data protection and expect all data to be secured, equally. In addition, there are so many uses and markets for consumer data on black markets, and cybercriminals are financially motivated to steal all types of data. Monetization rates may vary, but one thing is clear when it comes to data monetization: MORE IS BETTER!
Conclusions About Mobile App Security Fears Among Consumers
For the first time, local threats, threats to the mobile apps used by each individual consumer, outpaced threats to the backend. This demonstrates that consumers now value the security of their individual experiences above threats to the mobile business, backend or database.
We were very surprised that consumers’ fear of mobile threats is the same across app types and data types. Consistent responses to the different questions illustrate a now deeply embedded sentiment — namely, that mobile consumers expect ALL apps and ALL data to be protected equally. Mobile developers and security professionals would be well advised to protect all apps and all data equally too. Consumers don’t expect less security for non-banking, or non-transactional apps. Consumers also don’t expect less security in respect of different types of data.
Appdome continues to recommend a minimum viable security protocol for all Android and iOS apps consisting of app shielding, obfuscation, data encryption and jailbreak/root prevention. With Appdome, these protections can be layered together to provide a comprehensive mobile defense, without code or coding. These basic protections not only block static and dynamic analysis, pass pen tests, and stop hackers who attempt to access or harvest local data-at-rest, but they also provide the protection mobile consumers demand in each and every Android and iOS app. I encourage all readers to use Appdome’s Platform to secure their apps and trust Appdome’s Certified Secure™ to eliminate the mobile threats consumers fear.
You owe it to yourself and to your end users to protect your app, as well as the data inside your app.
Thank You, and Build Safe
Originally published at https://www.appdome.com on November 29, 2020.