Mobile App Enterprises Losing Revenue Due to Poor Security
A new study by Bluebox shows that mobile app enterprises may be losing money because they are not investing enough in security. The company examined Hulu, Tinder and the Kylie Jenner Official App, as these apps lack self-defense capabilities that protect against tampering, re-signing and redistribution. Hackers can easily defraud enterprises like these by disabling ads, accessing premium features for free and bypassing subscription payments.
Not only can hackers steal these features, they can sell them as unsanctioned third-party apps on stores that lack security review. Bluebox found 42% of consumers are already downloading apps from these sources.
For an additional $4 per month, Hulu customers can access commercial-free content. This option provides Hulu with additional annual revenue of $1.5 billion. Bluebox was able to determine that hackers have figured out a way to use Hulu commercial-free without paying the additional subscription costs. This has further implications for other apps that make money from advertisements. As more people download unauthorized apps, companies will lose more money.
Premium Feature Access
The dating app Tinder offers core services for free but generates additional revenue with features such as unlimited swipes through Tinder Plus. Bluebox determined some Plus features are managed and controlled by unprotected mobile app code that leaves them exposed to hackers. As with Hulu, the more people download these altered, unauthorized apps, the more revenue Tinder can lose.
Subscription Payment Bypass
Bluebox found that hackers could rewrite pieces of the code for the Android version of the Kylie Jenner app, which could trick the app into thinking they had paid for premium content when they had not. Once the user gains access to the premium content, they receive an authentication token they can use to access the premium content from any device or platform, even on unmodified versions of the app. This is not just a problem with the Kylie Jenner app. Without self-defense app security, any subscription-based app can be altered.
To protect their revenue, Bluebox says enterprises must create mobile apps that can defend themselves, using basic security measures such as anti-tampering controls and encryption of app data. Bluebox has found this sort of mobile app security is virtually non-existent right now.
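
As an added illustration (not code from Bluebox or from any of the apps named), the sketch below shows a server-side complement to in-app anti-tampering for the subscription bypass described above: the backend issues a premium token only against a store-signed receipt and ignores whatever the client app claims about payment. The keys, function names and receipt format are assumptions constructed for the example, with an HMAC standing in for the store's real receipt signature.

```python
import hashlib
import hmac
import json
import time

# Constructed demo keys. Assumption: an HMAC stands in for the store's receipt
# signature; real stores use asymmetric signatures or a verification API.
STORE_KEY = b"constructed-demo-store-key"
SERVER_KEY = b"constructed-demo-server-key"


def _mac(key, payload):
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def store_sign_receipt(user, product, expires):
    """Simulate the store issuing a signed receipt after a real payment."""
    body = json.dumps({"user": user, "product": product, "expires": expires},
                      sort_keys=True)
    return {"body": body, "sig": _mac(STORE_KEY, body)}


def issue_premium_token(user, request, now=None):
    """Return a premium token only for a valid, unexpired receipt, else None.

    Client-asserted fields such as request["paid"] are deliberately ignored:
    a modified app can set them to anything.
    """
    now = int(time.time()) if now is None else now
    receipt = request.get("receipt")
    if not isinstance(receipt, dict):
        return None
    body, sig = receipt.get("body"), receipt.get("sig")
    if not isinstance(body, str) or not isinstance(sig, str):
        return None
    if not hmac.compare_digest(_mac(STORE_KEY, body).encode(), sig.encode()):
        return None  # forged or altered receipt
    claims = json.loads(body)
    if claims["user"] != user or claims["product"] != "premium":
        return None  # someone else's receipt, or a different product
    if claims["expires"] <= now:
        return None  # subscription has lapsed
    # Bind the token to the user and to the subscription's expiry time.
    token_body = f"{user}|{claims['expires']}"
    return f"{token_body}|{_mac(SERVER_KEY, token_body)}"
```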