In the rapidly evolving digital landscape, mobile apps have become integral to our daily lives, shaping the way we interact, transact, and communicate. However, with the increasing dependency on these apps, the need for robust mobile app security measures has never been more crucial. To shed light on consumer expectations and the evolving threat landscape, we spoke with Jan Sysmans, a Mobile App Security Evangelist of Appdome, about the second annual Singapore Consumer Expectation of Mobile App Security survey.
In this interview, Jan Sysmans shares valuable insights into the survey findings, highlighting the unique expectations and concerns of Singaporeans regarding mobile app security, anti-fraud measures, and on-device malware protection. He also discusses the reasons behind this trend, exploring Singapore’s digital economy growth and its impact on customer transactions and interactions.
Can you tell us more about the second annual Singapore Consumer Expectation of Mobile App Security survey and what prompted the survey?
Singapore is an important financial and tech hub. The e-ConomySEA report by Google, Temasek and Bain & Co. estimates its digital economy will expand 22%to reach USD18 billion this year, and to nearly double that by 2025.
Given this, a lot is riding on understanding how mobile apps factor into customer transactions and interactions. In particular, we wanted to document consumer sentiment on mobile app security, mobile fraud and threats coming from on-device malware.
Appdome’s Consumer Expectations of Mobile App Security surveycaptures the voice of the consumer and allows brands to understand that consumer awareness about mobile app protection is a key element of the overall mobile app experience. The survey results show the impact on brand loyalty, customer advocacy, acquisition costs, average revenue per user (ARPU), and churn that arise from failure to protect consumers.
As it turns out, consumers are on same page as CISOs. Both want better protection against threats, fraud and malware. It has been veryhumbling and satisfying to see that CISOs are using the findings of the Consumer Expectations of Mobile App Security survey toadvocate for their mobile app security projects.
The survey found that Singaporeans have higher expectations for mobile app security, anti-fraud measures, and on-device malware protection compared to their global peers. What do you think are the reasons behind this trend?
One of the most interesting trends in the survey is that Singaporeans are using apps more than their global peers. For instance, in 2022, Singaporean consumers integrated 10 new apps into their regular usage compared to the global base line of eight apps. In addition, 8.7%of Singaporeans said they used mobile apps more, compared to the global average of 6.7%.
So, as they spend more time on mobile apps, Singaporeans are especially wary of cyber threats.
These findings indicate that cybercrime is a national concern, but that the whole-of-nation approach to digitalisation in Singapore has helped emphasise the importance of staying safe online – including while using mobile apps.
One key finding of the survey is that 59.2% of Singaporeans prefer using mobile apps over web channels. How do you think this preference affects mobile app security and anti-fraud measures?
This prevailing trend should cause CISOs and developers to sit up and take notice. With overwhelming demand from Singaporeans for security, anti-fraud and malware protection to be embedded in mobile apps – especially from on-device threats – businesses need to facilitate DevSecOps in their CI/CD pipeline.
And it is highly reasonable to expect businesses to heed this call and deliver more secure mobile apps. In fact, easy integration ofDevSecOps workflows with CI/CD enables organisations to shorten the development lifecycle. At the same time, it ensures apps are certified secure against threats without adding to developers’ workload, complexity, and technical debt.
The survey also revealed that 59% of Singaporeans believe mobile banking apps and e-Wallets need the highest level of security. What steps do you think mobile app developers and cybersecurity professionals should take to meet this expectation?
A standard best practice is to ensure security measures, anti-fraud protocols and malware prevention features are clearly conveyed in the release notes and description on app stores. Real-time monitoring is another aspect to consider, which is critical to staying vigilant about potential breaches and hazards.
There should be an emphasis on incorporating security into development from the very beginning. While organizations focus on agility and rapid releases of new features, they must also incorporate protection measures in their mobile apps directly within the DevOps pipeline, without changing their developers’ existing workflows. This is the only way cyberteams and CISOs will gain visibility, management and control over the security releases in their apps.
The survey found that on-device malware concerns have jumped significantly among Singapore consumers. What do you think are the main factors driving this trend, and how can mobile app developers and cybersecurity professionals address this issue?
According to the survey many of the preferred apps used by Singaporean respondents involve a high volume of transactions, and these are often primary targets in sophisticated attacks because of how lucrative they are.
The increase in on-device malware is partially due to traditional anti-bot offerings, which are struggling to keep pace with the evolving diversity and sophistication of mobile applications. Developers and cyber security professionals are trying to force-fit bot defense methods designed for web applications onto mobile frameworks. This mismatch often requires mobile app developers to face implementation complexities and compromise on securityleading to vulnerabilities in larger parts of the mobile infrastructure. This is what pushed Appdome to create MOBILEBot™ Defense,the first anti-bot solution tailor-made for mobile apps. Otherwise, the only way to allay the fears of consumers is to ensure security measures are set within apps to safeguard against hacking and on-device threats, which was identified as the biggest concern for nearly half of Singaporeans surveyed.
The survey highlights the importance of meeting consumers’ security expectations in building brand loyalty. Can you share some examples of how companies have successfully differentiated themselves by providing a more secure user experience?
A digital bank in the Philippines was looking for a security build system that would not require any added or specialized headcount in mobile engineering while ensuring a smooth and efficient DevSecOps process to protect and respond to threats as they arose.The bank saw in Appdome the ability to achieve all their present and future security needs in one DevSecOps platform, fully integrated in their CI/CD pipeline.
Another example is how one of the largest Argentinian private-sector commercial bank uses our no-code cyber defense automationplatform to seamlessly protect their mobile app and boost customer trust. With Appdome, the bank gained added scalability and future-proofed its mobile apps from an ever-growing number of threats.
Appdome provides a mobile defence automation platform. Can you explain how it works and how it can help mobile app developers and cybersecurity professionals enhance their mobile app security and anti-fraud measures?
Appdome is a no-code Mobile Cyber Defense Automation platform that lets brands build any number of mobile app security, mobile fraud prevention and mobile malware prevention into theirmobile apps, in their CI/CD pipeline. Appdome works with any Android (AAB or APK) or iOS (IPA) app, developed in any framework (native, hybrid and non-native). Building protection is instant and does not require any changes to the app, any SDK or manual coding. With Appdome, mobile app developers do not have to make any changes to how they build their mobile apps today. They can either log on to the platform and use a simple point and click UI to build the protections or connect Appdome to their build system (such as Jenkins, Bitrise, GitHub, Gitlab, CircleCI, Azure Dev Ops) and build the required protections in their existing CI/CD workflow.
At the end of each build, Appdome will provide Dev and Cyber teams with an Artifact of Proof; the Certified Secure™ certificate. This Artefact of Proof is a separate, auditable and detailed build certification that guarantees Android & iOS builds are protected by the mobile app security, anti-fraud, anti-malware and mobile cheat prevention features when the app is published in the DevOps CI/CD release cycle. The Certified Secure certificate can also be used as proof that the protections are in the app and as such eliminate any need for pen testing.
And finally, Appdome’s ThreatScope™ Mobile XDR provides brands with real-time visibility on the actual attacks and threats that Appdome-protected apps face when released in production. ThreatScope provides analytics-grade, real-time mobile attack detection data, telemetry and intelligence across all mobile app security, anti-fraud, anti-malware and anti-cheat detection and defense vectors impacting mobile apps. With ThreatScope, developers, cyber security, and RED teams can analyze top attacks and threats, make data-based decisions which protections to deploy in each release, and prove the effectiveness of protections, and all from inside the DevOps CI/CD pipeline.
Looking ahead, what do you think will be the key trends and challenges in mobile app security and anti-fraud measures in Singapore and globally?
Organizations must be wary of large-scale, automated, and technology-based attacks such as synthetic fraud. This complex form of identity theft is escalating the sophistication of threats faced by both the public and private sectors.
But organizations should not lose sight of threats such as trojans too, which are noticeably on the rise due to the race to get to the market faster. However, this need for speed should not come at the expense of security objectives. Ultimately, speed without security will still result in apps that fall short of customer expectations. Leveraging automation offers a way to do both, integrate security into mobile apps rapidly and enable real-time monitoring of threats.
What advice would you give to mobile app developers and cybersecurity professionals who want to adapt their mobile app security and anti-fraud strategies to consumers’ expectations for protection?
Meeting customers’ expectations begins with recognizing that network-level safeguards and client-side compliance functionalities just don’t cut it anymore.
Businesses must be confident in their apps’ cyber security and remain transparent around their security measures, anti-fraud protocols, and malware prevention.
Organizations should also pivot towards embedding security at the very start of the development lifecycle. Leveraging no-code tools empowers them to do just this by better operationalizing mobile app security in the CI/CD pipeline and taking an engineering approach to DevSecOps.
Can you tell us more about Appdome’s future plans in terms of product development, partnerships, and expansion in the mobile app security industry?
The exploit economy is always evolving and has become fully automated. Appdome employs a large security research team that is constantly looking for new attacks and variations of existing threats and attacks to stay ahead of hackers and fraudsters. One of the most interesting things we’ve learned is that once a mobile app is under attack, that attack will never end, and the attack vectors used will only increase. Recent trends show us that synthetic fraud and on-device malware represent the biggest attacks against mobile apps.
We take pride in offering our customers a Total Protection Guarantee. On average, Appdome protected apps stop over 143million attacks per month, keeping the mobile economy safe and humming.