NCSC Warns About Malicious Apps on App Stores, Chief Backs New Consumer Regulations



A report from the U.K.’s National Cyber Security Centre (NCSC) addressed the threat posed by malicious apps downloaded through official and third-party app stores.

The report warned that cybercriminals exploited “weaknesses in app stores on all types of connected devices to cause harm.”

It highlighted “fraudulent apps containing malicious malware” and “poorly developed apps” that cybercriminals could exploit.

The NCSC also criticized app store operators for failing to explain app requirements to developers and giving inadequate feedback when they reject an app or update.

Malicious apps exist on all app stores and target various device types

The study, conducted between December 2020 and March 2022, found that 87% of U.K. residents own smartphones. More than half (52%) of U.K. residents have also downloaded an app from the Google Play store and 44% from Apple’s App Store.

While Android gets a bad rap for malicious apps on the Google Play Store, the NCSC warned that these vulnerabilities exist in various app stores and their competitors.

Additionally, the NCSC noted that malicious apps could run on various devices apart from smartphones, including laptops, computers, games consoles, and wearables such as smartwatches and fitness trackers. Other devices targeted by malicious apps include smart TVs, smart speakers such as Alexa devices, and IoT devices.

Despite the high malware prevalence, the NCSC acknowledged that mobile app stores were “not fundamentally different” from other stores.

However, the sheer number of smartphones owned by consumers made mobile app stores attractive channels for distributing malicious apps.

The NCSC heads noted that the biggest problem plaguing app stores was malware capable of stealing users’ information and causing financial losses.

“All app stores share a common threat profile with malware contained within apps the most prevalent risk,” cyber security minister Julia Lopez said.

For example, Android phone users downloaded apps infected with Triada and Escobar malware from third-party app stores. The malicious apps led to cybercriminals remotely taking control of people’s devices, stealing their data, and enrolling them in premium services.

According to the…