Intelligent CISO Issue 10 | Page 58

ESET expert on how to stay protected as the threat of scam apps grows

In a blog, Lysa Myers, Security Researcher at ESET, outlines the growing threat from deceptive practices to scam both iOS and Android users alike, offering advice on how users can safeguard themselves from such threats.

There’s nothing new about advertisers and app developers using deceptive practices, but the Touch ID scam that Lukáš Štefanko wrote about recently is a significant twist in this ongoing story. Of course, iOS users are not alone in facing these dilemmas; as Lukáš wrote earlier this year, Android users are experiencing their own flood of predatory app tactics too.

What can we do to protect ourselves against these fraudulent practices?

Be aware of the limitations of app store review processes

The policies and review procedures of major app stores do keep out a large number of fraudulent apps. While there are always more things they might, and probably should, be doing to continue to improve this problem, it is an ongoing learning process for all of us.

Due to the incredibly large total number of apps and updates that each major app store sees every day, much of the work involved in the review of new submissions is automated. This means that each app likely has functionality that will not necessarily be seen by a human or be tested specifically. Even very well-known and more-or-less legitimate app vendors have been caught doing things to try to evade having certain functionality reviewed. This means it’s still crucial to do our own due diligence.

Read reviews

The best time to figure out whether an app is a scam is before you download it. While most scam apps do in fact include numerous positive reviews, these often show signs of phoniness. Wording may be very vague, downright nonsensical or exhibit repetitive patterns (including different reviews repeating the same phrases or having similar usernames, for example). It’s a good idea to re-order the ranking options on reviews to see a more balanced picture: depending on the particular app store, you can sort the reviews to see those that have been deemed ‘most helpful’ or that are ranked ‘most critical’ first.

Be patient

While it may be hard to calm the fear of missing out, it’s best to wait a few days or weeks before downloading brand new apps, to let other people be the ‘guinea pigs’. This way you can read what other people have to say about the app’s functionality before making a decision.

Use apps by developers you know and trust

If at all possible, it’s a good idea to stick with reputable app developers. If you’re new to a platform, that may be easier said than done. In that case, it’s a good idea to do a little more research first, to get a better sense of whether a particular developer already has other well-reviewed and popular apps that are currently available for download.

Read the full article at www.intelligentciso.com.