NCSC have published an interesting report that was compiled to inform the Department for Digital, Culture, Media & Sport (DCMS) on the current threats associated with app stores.
The report found that a number of vulnerabilities within the app store submission processes have been exploited by attackers, allowing them to successfully distribute malware via apps.
Apple (4.3 million apps) and Google (2.9 million apps) host the largest app stores, but a number of third-party app stores also exist. Whilst the likes of Apple and Google have a vetting process before an app is accepted, malware still makes its way onto stores.
The report concludes that app stores across all devices share the same threat profile and that using mobile app stores is an attractive attack vector for criminals seeking to exploit as many victims as possible.
The report suggests that app store operators who adopt the DCMS Code of Practice for App Store Security will reduce the likelihood of malicious apps getting through the vetting processes. The unstated assumption is that some malicious apps will still find a way in.
If you’re located in Somerset, Bristol or the surrounding areas, please contact us if you need any cyber security advice. We don’t have an app for that right now, but we’ll be pleased to hear from you.