The State of App Security Report
A 2017 study found that there were over 2,200 attempted cyber attacks every day, boiling down to about 1 every 39 seconds. Given how much cybercrime has expanded since then, it’s probably safe to say this figure is now much higher.
With most of our data being held online, from intimate details shared on social media meant only for our followers’ eyes to highly sensitive bank details we can access using face ID, our lives are ever more vulnerable to break-in.
The cost of app hacking
According to Action Fraud, reported social media and email hacking costs UK citizens £2.6m a year, or an estimated £186 per hack. This is mainly through fraud due to access to personal information, phishing and even ransom.
This means unreported app hacking could be costing the UK as much as £19m every year, with the global cost potentially reaching over £202m yearly.
Facebook is the most likely app to be hacked, assumedly due to its high volume of users. The potential global monthly cost of Facebook hacking is over £7.5m, far overshadowing the potential £1.6m a month lost in the UK on apps overall.
In addition to the potential monetary cost of hacking, malware infections can sometimes result in the need for mobile phone repair or replacement, which can push the cost of the infection up even higher.
The most hacked apps globally
The most vulnerable apps by category
Globally, social media hacks are searched over 53,000 times a month, followed by streaming services at 17,900 per month and messaging services with 11,500 searches a month.
Internationally, finance apps are hacked an estimated 5,700 times a month, with PayPal (3,300), Cashapp (1,200) and Venmo (1,000) suffering the most.
When comparing banking apps in the UK, Santander is the most vulnerable with 40 searches per month, followed by HSBC, Nationwide and Monzo with 30 monthly searches each.
However, considering Facebook accounts are hacked up to 3,300 times monthly in the UK, banking apps can still be considered fairly safe.
The UK's most hacked apps
Most common app hacks
Operating system vulnerabilities
Operating system vulnerabilities occur in two ways: your apps are out of date or the vulnerabilities are built-in.
To avoid the first, it’s a good idea to keep all your apps updated regularly so any vulnerabilities identified can be patched properly before hackers can exploit them. This is especially important for second-hand and refurbished phones as many manufacturers stop providing security updates to their older models, so owners need to be particularly vigilant.
The second is the responsibility of the app creators, which is why it’s advised you only download apps from trusted sources and do your research first if in doubt. However, a recent study found that apps on the Google Play Store have an average of 39 security vulnerabilities each, including popular banking and payment apps.
Often, scammers will send texts or emails pretending to be from the security team at apps like Facebook, Google and YouTube. These emails or texts are used to convince you to give away your login details so the hacker can then access your apps.
In addition to losing access to your apps, this can cause further security vulnerabilities: many people reuse passwords, so letting your login details for one account fall into the hands of a hacker could lead to more break-ins elsewhere.
The best way to avoid this is to only answer emails and texts from trusted senders and never tap links from these senders. If you need to, copy and paste the URL or search for the security access via a search engine as a precaution.
Most commonly, insecure or untrustworthy apps are the cause of malware finding its way onto your phone. Hackers place malware in the code of their apps to be downloaded to your phone along with the app, thus allowing them access to the data on your phone.
Malware can be hard to detect as it typically doesn’t cause notifications or alerts, but it can be dangerous if it gives hackers surveillance over how you use other apps on your phone. You may find that your phone is more sluggish when opening apps or using the internet, or that your data is drained faster than usual.
The best way to avoid malware is to only download trustworthy apps or download a cybersecurity app for your phone to do regular checks for harmful code.
The apps we most want to hack
We’ve all been guilty of reusing passwords or using less difficult but more memorable passwords to avoid filling in constant ‘forgot password’ forms. But, as more and more digital platforms emerge, the safety of these passwords is put in further peril.
Password hygiene is essential for keeping yourself safe and protecting your personal online presence from hackers. Here are a few of the latest pointers to remember:
New recommendations say passwords of three random words most safe
The National Cyber Security Centre (NCSC) recently renewed their calls for people and organisations to consider a ‘three random words’ strategy. This involves creating passwords of random word combinations rather than the traditional mix of characters and numbers.
This strategy works because it opens up infinite possibilities for passwords, making it harder to accurately guess the correct combination. The NCSC also states that writing your passwords down on a piece of paper isn’t as huge a risk as previously thought and can help you remember your random password combinations more easily.
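The effect of the 'three random words' approach on guessing difficulty can be put in numbers. The Python sketch below is an added example, not code from the NCSC or from this report; the word list is a small constructed sample and the function names are illustrative.

```python
import math
import secrets

# Constructed sample list for illustration only; a real word list
# should contain several thousand words.
SAMPLE_WORDS = [
    "anchor", "biscuit", "candle", "daisy", "ember", "falcon", "guitar", "harbour",
    "igloo", "jigsaw", "kettle", "lantern", "marble", "nutmeg", "orchid", "pepper",
    "quartz", "raven", "saddle", "teapot", "umbrella", "velvet", "walnut", "yogurt",
    "zebra", "bramble", "cobalt", "dolphin", "ferry", "goblet", "hazel", "ivory",
]


def make_passphrase(words, count=3, sep="-"):
    """Pick `count` words independently using the OS CSPRNG.

    `secrets` is used instead of `random`, whose output is predictable.
    Duplicate entries would skew the odds towards some words, so reject them.
    """
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    if not words or count < 1:
        raise ValueError("need a non-empty word list and count >= 1")
    return sep.join(secrets.choice(words) for _ in range(count))


def search_space(list_size, count=3):
    """Number of equally likely passphrases an attacker has to cover."""
    return list_size ** count


def entropy_bits(list_size, count=3):
    """The same quantity in bits: count * log2(list size)."""
    return count * math.log2(list_size)


if __name__ == "__main__":
    print("example passphrase:", make_passphrase(SAMPLE_WORDS))
    # Compare the sample list with larger (hypothetical) list sizes.
    for size in (len(SAMPLE_WORDS), 2048, 7776):
        print(f"{size:>5} words x 3 -> {search_space(size):>15,} combinations, "
              f"{entropy_bits(size):.1f} bits")
```

With the 32-word sample list, three words give only 32,768 combinations (15 bits), while a 7,776-word list gives about 4.7 × 10^11 (roughly 38.8 bits), so the size of the list the words are drawn from matters as much as the number of words.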
Using the same password for multiple sites puts you at greater risk
As humans, our memory functions by using familiarity or specific coping mechanisms and it’s the same for passwords. If we were to create brand new, randomised passwords for each account, we would forget most of them.
However, using the same password for all your accounts puts your entire digital footprint at risk should a hacker gain access to it. Online password managers or a simple piece of paper can help you organise various passwords and are highly recommended by the NCSC.
Use multi-factor/biometric authentication for all of your apps
In addition to your passwords, adding extra steps to your login procedures makes it much harder for hackers to gain access.
Most social media platforms have now implemented two-factor authentication, involving an email or text passcode with every new sign-in to confirm it’s really you logging on. Banking apps, among others, also make use of modern smartphones’ biometric login information, such as fingerprint or face ID for additional security.