According to a WEF Study, only 18% of Indians own a smartphone. Yet, surprisingly enough, over 6 billion apps were reported to have been downloaded by Indians in 2016. From 3.5 billion downloads in 2015, the Indian app market has grown 71% in comparison with the 15% growth in global app downloads. With an average Indian user installing around 32 apps on his/her smartphone, the top 5 apps are:
While 36% of the top 25 apps belong to the communication category, about 15% of the app downloads are games. However, in India when 49% users access social media and 43% access search engines from mobile, ransomware like the recent WannaCry could lead to even more devastating and far-reaching implications. A recent survey by Appthority Mobile Threat Protection engine analysed about 40,000 iOS and Android shopping apps to reveal that 68% of them are transmitting data without adequate encryption; 11% of the surveyed apps shared personally identifiable information such as device name or ID with third parties and about 3% apps deliberately deactivated SSL validation that exposed users to potential Man-in-The-Middle (MiTM) attacks.
A recent survey by Appthority Mobile Threat Protection engine analysed about 40,000 iOS and Android shopping apps to reveal that 68% of them are transmitting data without adequate encryption...
With the Reserve Bank of India (RBI) reporting a 175% growth in mobile transactions and 369% growth in mobile banking between October 2015 and October 2016, the top Indian apps as per the number of daily average users (DAUs) are:
Most interestingly, at a time when the Associated Chambers of Commerce and Industry of India (ASSOCHAM) study predicted a 65% increase in mobile payment frauds in 2017, eCommerce and mobile banking apps still continue to be the Indian app market's driving force. Moreover, in an age where 98% of Indian eCommerce apps used are vulnerable to hacking, Digital wallets in India like PayTm, FreeCharge and MobiKwik lack the kind of hardware-based security protocols that protect Apple Pay, PayPal, Alipay, etc.
Even a PwC research report of the top Indian Banking apps of 2016 observes:
- 96% of tested apps used outdated security protocols and inadequate data encryption for banking server communication.
- 77% of tested apps used raw SQL queries that could be reverse-engineered by hackers for SQL Injection.
- 15% of tested apps asked for excessive data access permissions than what's required to effectively operate a mobile banking application.
Saved card information for quicker transactions in any app, mostly stored in third party cloud servers, are always an easy-target goldmine for cybercriminals...
How many of us remember the exact permissions we granted to each app while installing them our smartphone? Even if we do, how sure are we that our smartphones could proactively stop and report an installed app secretly trying to compromise our personal, behavioural, and location data with 3rd party servers? Even if digital payment platforms or banking apps claim to no store CVV numbers of cards, the security checks and balances are often tantamount to only an honour deal shrouded in the security benchmarks set by the app store policies. Saved card information for quicker transactions in any app, mostly stored in third party cloud servers, are always an easy-target goldmine for cybercriminals sourcing data for credit monitoring or identity theft. In the most recent attack on Zomato, hackers stole personal data, email addresses and hashed passwords of up to 17 million users and put them up for sale on a Dark Web Marketplace.
Apart from worrying about hackers, corporates also need to relook at internal sources with access to user-data after incidents like two former Uber employees owning up to stalking their exes and celebrities. Even in India, several crores were siphoned by bank employees before they were caught. In spite of such glaring security loopholes, the mobile apps ecosystem is expanding without limits. However, if users and corporations do not update their data security measures, incidents like the ones described above will surely surpass the average total cost of every data breach, estimated at $4 million by IBM research.