9 May 2022
Introduction
The use of applications had grown especially during the pandemic as people download a variety apps from online shopping to mobile banking.
The latest report by NCSC has highlighted the threats by malicious apps. Official app stores such as Apple’s app store and Google’s play store that have tight security measures in place has been affected by apps that contains malware. Furthermore, third party app stores are more likely to be affected by malicious app as they have laxer security measures.
For instance, Convenient Scanner 2, an app that contains the Joker Malware has been downloaded 100,000 times. Unbeknownst to the user, the malware carries out transactions that are directly charged to the user’s phone bill. Google and Apple have asked developers to remove applications that has been reported of containing malware, but some applications are still flying under the radar of Google’s and Apple’s security processes.
UK’s government initiative
Regarding this, the UK government is consulting new guidelines and best practices for apps and app stores. The main intervention is to propose a Voluntary Code of Practice for app store operators and developers to protect users and encourage developers to improve their practices. The government is gathering feedback for the code of practice from app developers to highlight the processes taken for different app stores and the financial impact of the policy. This proposal would cover all developers of apps that are available in the UK such as Apple, Google, Huawei, Microsoft, and Samsung.
What should we do as end users of the apps?
- Install anti-virus scan on your Android phones, laptops, and PCs
- Beware of third-party app stores and download apps from official app stores
- Delete unnecessary apps from your mobile phone
- Do not jailbreak your mobile phone
(Jailbreak is a technical process to bypass the security controls of the phone's operating system, so that the user can gain root access to the phone and install software that otherwise would not have been allowed by the manufacturer of the phone)
- If you think you have downloaded malicious apps, please factor reset the phone
If you have any questions, contact us at dts.cyber.security.and.risk@lse.ac.uk