The “Apps” of Criminals’ Eyes

The mobile applications marketplace is a way for cybercriminals to reach millions of users worldwide quickly. According to recent data from market research firm comScore, smartphones — while representing only about 25% of the total U.S. wireless subscriber market — accounted for 60% of app downloads and nearly 56% of mobile browser access for a three-month period ending August 2010. And, according to a recent Pew Internet study, the average U.S. adult has 18 apps on his or her smartphone, and 20% of cell phone users under the age of 30 download apps frequently.

Weather, mapping, social networking, search, and news apps are among the types of mobile apps adults most frequently download. But game apps, according to the Nielsen App Playbook, are most popular: 60% of users over the age of 18 used a game app in the past 60 days.

Cybercriminals channeling more energy into the mobile market honed in on younger users. This isn’t surprising considering the statistics: Mediamark Research and Intelligence reports that the number of children using cell phones doubled since 2005. Today, one in five children in the US between the ages of 6 and 11 carries a cell phone.

One notable example of an exploit aimed at compromising younger mobile device users came to light in mid-2010. Free wallpaper apps in the Android Market, featuring themes popular with children such as Star Wars and My Little Pony, were collecting unnecessary information from subscribers. The information, mobile device phone numbers and subscriber identifier and programmed voicemail numbers (but not voicemail passwords or SIM card numbers), was sent to a site in Shenzen, China. The app was downloaded millions of times before the surreptitious data-collecting activity was discovered.

“Third-party mobile apps are emerging as a serious threat vector. And right now, that market is like the Wild West,” warns Horacio Zambrano, product line manager for Cisco. “No one is looking at these apps and determining what is a ‘good app’ or a ‘bad app.’”

Excerpted and adapted from the Cisco 2010 Annual Security Report

In this article

Join the Conversation