Digital.ai releases first annual application security threat report, illuminating and quantifying the risks to apps in the wild

Gaming and FinServ apps are most likely to be attacked; Android apps are more likely to be put in unsafe environments than iOS apps; Android apps (28%) are 22% more likely to be run with modified code than iOS apps (6%)

RALEIGH, September 12, 2023 – Digital.ai, the leading provider of enterprise-grade software development and delivery solutions, today announced the results of its 1st annual Application Security Threat Report, illuminating and quantifying the risks to applications in the wild. The results reveal that 57% of all monitored apps are under attack, with gaming (63%) and FinServ (62%) the most likely to be attacked. The study found no correlation between an app’s popularity and likelihood of being attacked but found Android apps are more likely to be put in unsafe environments (76%) than iOS apps (55%). Android apps are also more likely (28%) to be run with modified code than iOS apps (6%). Digital.ai surveyed its application security customers around the globe, based on point-in-time data collected from February 1 – February 28, 2023.

Digital.ai’s Threat Analytics Report study helps security professionals identify threats to apps so that they can better apply defenses to apps.

“There were a staggering 100 billion mobile app downloads in 2021 alone. Between curious actors and threat actors, the reasons and motivations for attacks on any app are varied and increasing,” said Greg Ellis, General Manager, Application Security, Digital.ai. “In lucrative industries such as gaming and financial services, there is money to be made and desirable ‘street cred’ from hacking games. Our customers have determined that building security into their apps is the best way to prevent attacks on their apps.”

A confluence of factors helps to explain the high likelihood of an attack in 2023.

  • The pace of tool democratization among threat actors has accelerated. Reverse-engineering tools such as Ghidra and dynamic instrumentation toolkits such as Frida have recently become more sophisticated and popular.
  • The advent of cryptocurrencies and P2P payment apps makes it much easier for threat actors to “cash out” of schemes, particularly if ransomware is involved.
  • The nationalization of attacks has opened up enormous resources for threat actors.

“Application owners know all too well the pressures of creating more apps, faster, especially with the addition of AI-code assist tools,” said Derek Holt, CEO, Digital.ai. “This leads to security getting short-changed; it is often not included in the DevOps process or it is seen as an impediment without an obvious starting point. Digital.ai’s platform enables teams to inject security capabilities and procedures early into the development cycle, without blocking innovation or slowing down the development and delivery process. This means security teams can monitor applications in production for better visibility into when apps are at risk.”

Risks to Apps by Industry

After analyzing results from multiple industry sectors, the study found that gaming (63%) apps and FinServ apps (62%) are the most likely to be attacked. The stakes are high in the $250B gaming industry. Selling pirated games in grey-market app stores such as Cydia can give hackers direct income. In addition, money can be made in the micro-economies that popular games create and foster. Those who crack the most protected games are often hailed within the gaming community and are considered worthy of respect.

Apps outside of FinServ and gaming — such as implantable medical devices, Bluetooth-connected phone apps, retail, and more — have a 54% chance of being attacked.

Digital.ai has hundreds of app security customers worldwide who protect over 1 billion instances of applications. It offers application security solutions that build security into apps in multiple ways.

  • Embedding security into the application development process
    • Obfuscate code to prevent reverse-engineering
    • Prevent tampering by detecting unsafe environments and code changes
    • Configure customized or automated protections on-premises or in the cloud
  • Providing visibility into at-risk apps
    • Produce stand-alone reports or integrate with existing Security Operations Center tools
    • Create searchable logs
    • See which guards and protections are activated
  • Automatically responding to threats
    • Force step-up authentication
    • Alter app features
    • Shut down apps that are under attack
    • Create custom tamper responses

Survey Methodology

The 1st annual Application Security Threat Report was conducted by Digital.ai using data from its application security customers around the globe, based on data collected from February 1 to February 28, 2023. Two types of data were collected and analyzed – telemetry data, which includes the type of guards that are used for a particular app but does not contain information on whether a guard has been “tripped” or “fired” – and app aware data from customers’ Digital.ai threat monitoring system. The study was conducted with permission from customers, and data was anonymized and aggregated.

For more information about Digital.ai, visit Digital.ai.

About Digital.ai
Digital.ai is an industry-leading technology company dedicated to helping Global 5000 enterprises achieve digital transformation goals. The company’s AI-powered DevOps platform unifies, secures and generates predictive insights across the software lifecycle. Digital.ai empowers organizations to scale software development teams, and continuously deliver software with greater quality and security while uncovering new market opportunities and enhancing business value through smarter software investments. Additional information about Digital.ai can be found at https://digital.ai and on Twitter, LinkedIn and Facebook.

Media Contacts:

Joyce Tompsett
Director, Analyst Relations and Communications
Joyce.tompsett@digital.ai

Colleen Martin
Zer0 to 5ive, for Digital.ai
colleen@0to5.com