asdr-intro-bg1.png

Mobile App Security Insights

The Dangers of App Piracy and Fighting Back with Security

Jul 26, 2017 1:03:53 PM / by Sung Cho

The-Dangers-of-App-Piracy-and-Fighting-Back-with-Security-Blog-IMG.png

Fifteen years ago, the danger of app piracy was nowhere in anyone’s consciousness. The tech savvy among us were still trying to convince loved ones not to give money to foreign princesses promising millions, or to -- please, for the love of everything -- stop clicking every link in every email. The security climate of today would have seemed like a dream come true to the hackers, criminals and other technological evildoers of yesteryear.

Imagine a device that gives a hacker direct access to just about everything they need to steal someone’s identity and capture their finances. Imagine a hand held device that stores every single one of a business’s proprietary secrets, plus a hefty dose of personal data. Oh, and what if consumers were clamoring to download apps designed by just about anyone, without any concern at all for their security?

When you phrase the app market and the world of smartphones that way, it becomes abundantly clear how bizarre the world we’ve grown accustomed to really is: consumers gleefully give private data to people they don’t know in exchange for a little convenience. And the results are often terrible. App piracy has made things distinctly worse, for consumers, developers, and the enterprises that cater to them both.

Our white paper provides a comprehensive guide that will help you secure your app.

white-paper-pages.png 

A World of Hacks Meets a World of Apps

A few years ago, hackers had two basic options for accessing consumer data: breaking into consumer devices by guessing passwords or using malware such as viruses, or using behavioral engineering techniques (Nigerian princes, anyone?) to get customers to willingly give away their data.

Now that everyone carries miniature computers in their pockets, things are much easier. There is an app for everything. Which means that there’s a way to convince consumers to give away even the most sensitive data. Label something a fertility app, and consumers will gleefully share everything about their health and relationship. Create a financial management app, and instantaneously gain access to a consumer’s entire financial history, financial goals, even their financial worst fears.

You’ve heard it all before. But have you really considered how app security issues -- particularly pirated apps -- can affect your business? Consider the following:

  • Pirated apps allow criminals to act on behalf of your company, destroying your reputation and good will, while harming your customers.
  • App security issues pose the biggest liability threat most businesses will face. Target has shelled out millions to compensate customers for its own hacking scandal.
  • In a world of pirated apps, standard security measures don’t go far enough. That’s a scary fact for companies that already have holes in their traditional security protocols.

What is App Piracy?

First, the basics: app piracy is the practice of downloading pirated apps to avoid paying for them. Like music piracy a decade ago, app piracy saves people money -- but often at the expense of their security.

90-percent-piracy-stat.png

Accurate piracy numbers are hard to come by. That’s by design. Sites that allow pirated downloads attempt to obscure what they’re doing, and are unlikely to release hard numbers. But estimates suggest that for some paidapps, the piracy rate is as high as 80-90%. And contrary to popular belief, apps on iOS are just as vulnerable as those on Android.

The primary reason consumers use pirated apps is financial: particularly among consumers who download many, many apps, there’s a strong incentive not to pay for them. Yet even among only occasional app users, greed is rampant. People will risk infecting their devices and releasing their private information to avoid paying download fees as low as $0.99. Some will even spend hours looking for the right pirated app to avoid paying a few bucks. It’s a bad deal for everyone.

Consumers who download apps either don’t care about their privacy because they don’t understand what’s at stake. Or they don’t take the threat seriously. They might not know about the malware that struck 1.3 million users through a single app, or the millions of consumers whose lives have been upended by encroachments on their privacy and financial data.

Financial reasons aren’t the only factor motivating app piracy. Understanding other motivating factors can help enterprises design and promote apps that capitalize on consumer psychology and minimize the risk of piracy. Those factors include:

  • Being willing to pay, but thinking the app price is unfair or too high.
  • Wanting an earlier version of the app, or wanting more control over app customizability; some pirated apps contain security and other loopholes that give consumers more control over the app.
  • Not recognizing the value of the app, and therefore being unwilling to pay for it.
  • Not being sure whether the consumer will actually use the app. Consumers don’t want to pay for products they’re not certain will confer benefits.
  • Pirating is easy. Particularly on Android, the open environment means that piracy costs consumers little time. Enterprises developing apps for Android, then, need to be highly mindful of how easy it is to pirate an app.

How Pirated Apps Threaten Developers and Enterprises

Businesses that sell apps and the developers who create them may mistakenly believe that piracy constitutes a small market segment, or that only highly skilled users pirate apps. Therefore, the thinking goes, piracy costs little, and is virtually impossible to prevent.

Not so. App piracy is extremely costly to businesses -- especially those whose primary offering is an app. Estimates are hard to come by, since precise estimates of piracy are largely unavailable. But one figure suggeststhat, on iOS alone, app piracy has cost somewhere in the vicinity of $450 million.

IOS-140M-piracy-stat.png

That’s a figure that will doubtless surge higher in coming years, as hackers and criminals devise more novel ways to pirate apps (and to benefit from the piracy). It’s likely that, whatever share of your profits app piracy ate up this year, it will increase next year.

The cost of piracy can’t be measured only in lost profits, though. The toll this practice takes exerts other influences that can cost you goodwill, and which may eventually cost you money.

Some concerns include:

A loss in app rank and visibility.

A popular pro-piracy argument suggests that piracy increases visibility, but this is only for large enterprises who draw visibility from other sources. Think Wal-Mart or other giant conglomerates, that draw massive traffic to their own and other websites. For smaller businesses -- in other words, virtually all enterprises offering consumer apps -- each pirated app download hits the app’s visibility.

Store visibility rankings are based solely on downloads. So when more people are downloading your app on third party sites, your app becomes less visible. This decreased visibility can cause even fewer people to download your app on the Apple store or Play store, further lowering your rank and initiating a vicious cycle that can be hard to recover from. Put simply, apps that find ways to reduce piracy get a near-automatic bump in visibility.

A vicious cycle of lost profits and failed attempts to recoup expenses.

To keep their financials on track, most businesses have clear income goals and benchmarks. Significant deviations from these projections can prove catastrophic. So one way many businesses attempt to recover the profits lost to piracy is by raising the price of each individual download. This can actually spur more piracy, further eating into profits.

For enterprises that do not wish to rise download prices, there’s another option. Taking inspiration from the publishing industry, which relies on advertisements to supplement subscription prices, these businesses use ads in paid apps. Though enterprises attempt to make these ads less intrusive, or otherwise offer additional value in return for the download price, consumers loathe ads. So when a paid app contains advertisements, consumers are less likely to download it.

There’s a third option that enterprises trapped in this unpleasant cycle sometimes turn to: giving up and offering their apps for free, while seeking some other way to make money. From in-app purchases to subscription services, many businesses are turning away from apps as a profit driver. For businesses whose profits were even partially dependent on app downloads, this can demand a complete change in operations.

Stifling innovation.

Innovation costs money, particularly when businesses are paying highly skilled developers and other experts. Piracy costs money, and that in turn reduces the ability of businesses to innovate. The result is a stagnating marketplace, with less competition and fewer valuable offerings for consumers. This hurts businesses and consumers alike, and can erode the total value of the app economy.

Liability issues.

The specter of a lawsuit is enough to terrify even the wealthiest, most successful businesses. Lawsuits are public records, which means that being sued drags your dirty laundry out into the public view. And even if you think you’ve done nothing wrong, the perspective of the party who thinks you have will gain a giant, blaring spotlight.

You’re probably not legally responsible for piracy -- indeed, you likely have a claim against the people who pirate your apps. But pursuing that claim can take years. Moreover, it’s possible that a customer could sue you for something that happens to them after downloading a pirated app. This is new legal territory, but if you didn’t properly secure the app, it’s conceivable that the consumer could have a claim. This puts enterprises in an impossible position: they suffer financially at the hands of pirates, but then may be forced to pay for the damage those pirates cause.

Loss of reputation and goodwill.

It might seem nonsensical. But when a pirated app harms consumers, the consumers are unlikely to remember where they got the app. Instead, they’ll remember the business that developed the app. They may blame that business -- either for not making the app secure, for not offering the app for free, or even because they forget that they downloaded a pirated app in the first place! Reputation is everything, particularly in the competitive world of app development and promotion. The last thing businesses need is to lose consumer confidence.

How Pirated Apps Harm Consumers

Though consumers are eager users of pirated apps, they’re actually the ones who stand to lose the most. Research has shown that piracy is a significant source of malware, hacking, and other criminal acts against consumers. So what do consumers who download pirated apps stand to lose?

App_Piracy_study.jpg

Image from www.cnet.com

Loss of privacy.

Pirated apps often contain bits of malware designed to invade a customer’s privacy -- either for financial gain, or simple enjoyment. One common technique is to insert keystroke loggers into pirated downloadable keyboards. Pirates then make the results of keystroke logs available to criminals, or even publicly available on various websites.

This loss of privacy can be humiliating and even dangerous. It almost always compromises consumer’s financial and health data.

Financial and other breaches.

Phones are essentially mobile computers with thousands of bits of data readily available for the taking. Those include, but are by no means limited to, bank passwords, sensitive health data, family contact information, family data that can used to guess passwords, texts, emails, family photos, password logs, lists, notes, and so much more.

A few simple lines of code can peer into consumers’ phones and steal their data. What’s more, even when pirates aren’t sophisticated enough to do this, they can access consumer data in another way. Consumers willingly input loads of sensitive data into their apps, and rarely let the pirated nature of an app deter them. This is a recipe for becoming a crime victim.

Device loss.

Remember the bad old days, when most people didn’t understand the dangers of clicking the wrong link in their email? If you had a Windows machine, this could compromise the entire machine, demanding hours of work or even destroying the hard drive thanks to viruses and other malware. The same is now true of smartphones. Consumers who download the wrong pirated app can see their phones overrun by viruses, or simply slowed down by needless bloatware that renders the device much less efficient. No consumer is thrilled about a smartphone that becomes dumb.

Physical danger

Not all criminals are interested in financial data or entertainment via privacy invasions. Some are out to do harm. Disgruntled exes, former employers, even abusive parents may use malware -- or the data that creators of malware make publicly available -- may use pirated apps to gain access to users’ physical location. This can put them in danger, and cost them dearly.

Secure Your App Against the Danger of App Piracy

Enterprises and developers cannot afford to simply throw up their hands, resign themselves to pirated apps, and go about their business.

That’s not a sustainable solution. You might not be able to protect against each and every instance of piracy, but you can significantly reduce the risk. You have an obligation to protect consumers, and you have an obligation to preserve your bottom line.

One way app developers and enterprises can protect consumers is by educating them about the perils of pirated apps, without hyperbole or exaggeration. Another strategy is to offer something so valuable, at such a fair price, that consumers are thrilled to pay.

Unfortunately, in a high stakes game, this is rarely enough. The right security strategies can protect your app, your customers, and your reputation. Read our white paper to learn more.

iOS-Backloading-and-Rogue-App-Stores-Big

Topics: Mobile App Security, App Piracy

Sung Cho

Written by Sung Cho

Head of Marketing at SEWORKS Co., Ltd.