2022/03/16 15:47:02

Mobile apps

A mobile application is a computer program created specifically for use on a mobile phone, smartphone or communicator and designed to perform a particular task.


Mobile Application Market and Platforms

History

2018: Russia adopts mobile application development standard

The state approved a preliminary standard for the development of mobile applications, according to a statement by Rosstandart, published on the agency's website on July 10, 2018. The requirements are advisory in nature, but, according to the authors, will have to become a "guideline in development." Read more here.

2017: Waiting for free apps for Apple and Google to disappear

The free model of distributing applications for smartphones will very soon cease to exist. This was announced in July 2017 by the head of the mobile development department of Artezio (Artesio), the author of the Cost Track project Igor Esipovich. According to the expert, a monthly subscription system will come to replace the free and shareware model, which at the moment is becoming a priority for many developers.

"Free and shareware apps are making less and less money for their creators," Esipovich says. "If earlier free applications were well monetized through advertising, and shareware brought enough profit thanks to internal purchases, now the situation has changed and the model using a monthly subscription comes first," the expert noted.

A significant role in the growing popularity of the subscription model is played by Apple's policy, which relies on monthly deductions rather than one-time sales revenues.

"Apple is seriously encouraging developers to implement paid subscriptions. The corporation receives 30% from the sale of content, and only 15% from the subscription, leaving 85% to the developer against 70% of the income from the sale, as in the usual case," said the head of the Artezio department.

The expert notes that, for now, the largest profits in digital stores are generated by projects with a shareware distribution model.

"A shareware model, or rather a freemium and premium model, works much better than everyone else so far. For example, Clash Royale, Clash of Clans, World of Tanks - these applications are not sold, they provide only built-in purchases. Mortal Kombat carries no less promoted brand than Ubisoft with Assassin's Creed, but it is in Mortal Kombat that built-in purchases are much more efficient," Esipovich notes.

The specialist believes that over time, the shareware model will become unpopular, and the developers will receive the main income from the updated subscription. At the same time, there will be practically no completely free applications.

2013: PwC on the future of mobile apps

According to the forecast prepared by PwC in September 2013, the next generation of innovative solutions in the field of mobile technologies will be aimed at recognizing and modeling the contextual situation of the consumer. Information about users in three main parameters - physical location, virtual and social environment - will become the main resource for creating mobile applications and services with radically new capabilities, able to predict consumer preferences. Mobile devices will be able to become truly digital assistants.

PwC's report "Mobile Innovations Forecast (MIF) Phase II: New technological capabilities" demonstrates how the user experience will change with the next generation of mobile technologies.

"We are entering a new, dynamic phase in the development of mobile technologies, marking a transition from a limited set of information and computing functions to intelligent analysis and rationalization of the physical, virtual and social environment of device users," said Raman Chitkara, head of international service practice for PwC technology companies. "Soon, mobile devices will be able to analyze and predict human needs using platforms that involve the user, relying on information obtained from numerous sources. The main goal of this process is to create even more intuitive mobile devices."

As noted in the PwC report, contextual intelligence in mobile computing will be able to obtain situational information from three main sources, including:

1) device data (for example, power supply, operating system, data storage, etc.);

2) data on the physical environment (location, weather, etc.);

3) user data (ID, applications, stored information, etc.).

The capabilities that mobile devices, networks, applications and next-generation services should have in order to collect user data from sources such as sensors on devices, laptop computers and the electronic ecosystem of transponders on other people and objects, and process them:

2010: Mobile Application Types

Regardless of which device this or that program is used for, mobile applications can be divided into paid and free.

Free applications, as a rule, are quite simple software with a limited set of features. Free software is often designed to solve a specific problem (for example, viewing e-mail). According to experts from the GetJar organization, free applications in most cases are used by phone owners for a short time. One of the reasons for this behavior of users is due to the fact that it is inconvenient to work with several open free applications at once. Firstly, this affects the performance, and therefore the battery life of the device. Secondly, the user can simply be annoyed by the constant transition between programs (especially on touch-screen devices) and the associated loss of time.

As for paid mobile applications, they, on the contrary, offer the user advanced functionality for each individual software product. For example, the alternative SPB Mobile Shell user interface for Windows Mobile-based communicators offers the user several options for managing the device and its software using a single application. In addition, developers of paid mobile software, as a rule, offer the ability to update software.

Mobile applications can also be divided into entertainment (multimedia), communication, navigation, reference and utility applications. Entertainment mobile software includes audio and video players, image and e-book viewers, and games. Communication applications are responsible for the user's communication by phone and SMS and for contacts in e-mail, ICQ and social networks. Navigation programs include applications that work with the GPS system, electronic maps and geographic coordinates. Reference software includes various dictionaries and encyclopedias and searchable databases. Utility applications include notebooks, organizers, a calculator, and programs for working with graphics and text.

2000s: The Age of Communicators

By that time, smartphones and communicators began to gradually conquer the mobile cellular device market. With broader capabilities and performance, they differed from conventional mobile phones by the presence of a fairly developed operating system (Windows Mobile, Symbian OS, RIM, Android, Mac OS), which is open to software development by third-party developers, unlike the software environment of conventional mobile phones, which is closed to them. Installing additional applications significantly improves the functionality of smartphones and communicators compared to conventional mobile phones. Note, however, that each operating system requires applications built for it, that is, programs created specifically for a particular OS. For example, an organizer program created for Windows Mobile cannot be installed on the Symbian OS used in Nokia Corporation smartphones, or on Mac OS (Mobile Touch version) for an iPhone from Apple.

In addition, it is worth noting that the presence of a fully functional operating system does not make smartphones and communicators more attractive in the eyes of most users. Modern cell phones, or rather models belonging to the middle price category and above, can often cope with many tasks. They can work with e-mail, view text documents and spreadsheets, photos and video files.

In addition, the screens of a number of cell phones are not inferior to most smartphones and communicators, and the latest models are also equipped with touch screens and memory card connectors. Therefore, today it is the owners of ordinary mobile phones who make up most of the consumers of software applications.

But on the other hand, smartphones in the eyes of this category of users look more attractive due to other features, such as, for example, advanced multimedia functions (a better camera, advanced video playback capabilities, improved musical abilities), Wi-Fi, GPS and others.

It should also be understood that programs written specifically for the operating system of a smartphone or communicator are full-fledged sequences of low-level microprocessor commands compiled into binary code. And due to the fact that all smartphones and communicators have more powerful processors than mobile phones, the programmer's ability to create such applications is practically unlimited.

Specialized applications are more functional, they use processor resources more efficiently than J2ME programs based on a variety of Java platforms designed to work in devices with limited resources (limited processing power, limited memory, small display size, portable battery power, as well as low-speed and insufficiently reliable communication capabilities). Therefore, smartphones are popular among software developers and enthusiasts.

1990s: The Age of Mobile Phones

The starting point for creating mobile applications was the appearance of a screen on a mobile phone. Naturally, the first phone software was built-in applications that were designed to perform specific phone functions and were installed into the device by the manufacturers themselves.

Perhaps the first mobile application, in addition to the software responsible directly for the operation of the phone, was the phone book - the part of the device's software that ordered the user's contacts. At first, only the name and phone number of the subscriber could be entered into the notebook. But gradually new functions were added to this application - in addition to the name and phone number, it became possible to enter the address, email and other data of a particular subscriber.

With the advent of the ability to exchange short text messages (SMS), another application was added to the phone, allowing you to write, edit, send small electronic texts.

The time of the first mobile application installed on the phone on top of existing software can be attributed to the end of the 90s of the last century, when cellular communications began to gradually enter the lives of millions of people around the world. It is worth noting that by that time, phone manufacturers already clearly imagined that software for a "mobile phone" was a promising direction, both in terms of technology development and in terms of their separate commercial use. Then, in addition to the most necessary applications, manufacturers began to install additional software into the software shell of cellular phones. As a rule, these were various multimedia applications - small arcade games, ringtone editors, calculators, calendars, etc.

Third-party developers who offered cell phone owners applications similar to those originally installed, as well as a lot of other useful and sometimes useless software, did not lag behind.

With the advent of WAP technology in the cellular market in 1997, which allows you to access the Internet using a mobile phone, the number of software applications, like their developers, began to grow. The fact is that now it has become much more convenient and easier to install any program on the phone, since earlier the installation of the application could only be carried out using a DATA cable connecting a stationary computer or laptop with a mobile phone. It is worth noting that at that time not every cell phone model was supplied with a DATA cable, which limited the use of mobile applications.

The ability to access the Internet directly through the phone made it possible to install various software on the device, as well as games even for those people who did not have a home computer. In addition, WAP could function even on budget phones, due to which the number of users of mobile applications also increased. The only disadvantage of WAP access was the high cost of data transfer - by downloading only a few programs for the phone, the user could spend his entire account.

By the beginning of the new millennium, the rapid development of the mobile content market in general and mobile applications in particular began. Like mushrooms after rain, specialized sites for the sale of software products and multimedia content for mobile phones appear. And the emergence of new technologies for data transmission using cellular communications (GPRS, EDGE) allows you to reduce the cost of mobile Internet traffic. Users began to download pictures, music ringtones, games, useful programs, etc. from the network in unthinkable quantities.

Safety

2023

Spy virus apps revealed to steal money from lovers

On October 27, 2023, F.A.C.C.T. announced another version of the Fake Date fraudulent scheme. Now criminals are trying to steal money from the victim even before buying tickets to a movie or theater under the guise of paying for home Internet or ordering a taxi, while using fake mobile applications. In the fall of 2023, 6 fraudulent groups worked in Russia under the Fake Date scheme, the illegal earnings of only one of them in 10 days exceeded 6.5 million rubles. Read more here.

A third of Russians faced fraudulent bank applications

A third of Russians have encountered fraudulent bank apps. ITFB Group announced this on October 3, 2023. Read more here.

Crypto-ransomware apps infiltrate official Google and Apple stores

On February 2, 2023, it became known that cybercriminals had lured gullible men on Tinder into a cruel financial trap.

As reported, the creators of high-yield investment scams called "The Pig-Butchering Scam" have found a way to bypass the protection of Google Play and the Apple App Store. Read more here.

2022: CPR researchers discover more than two thousand open mobile app databases in the public domain

On March 16, 2022, the Check Point Research (CPR) team at Check Point Software Technologies Ltd. reported that it had discovered unsecured sensitive mobile application data in the public domain that anyone can find through a browser. In VirusTotal, a free tool for scanning files and links for malware, CPR experts found 2,113 mobile applications whose databases were not protected in the cloud and were repeatedly at risk during three months of observation. The number of downloads of these applications varies from ten thousand to ten million.

Sensitive data discovered by Check Point Research specialists includes photos of users and their families, identification tokens from health care apps, information from cryptocurrency exchange platforms, and more. CPR researchers give several examples of mobile applications with unprotected data, in particular, more than 130 thousand user credentials were in the public domain in one application for creating logos and graphic design. The CPR team talks about what steps developers of cloud platforms responsible for security can take to strengthen protection. Experts do not indicate the names of the mobile applications described in the study in order to prevent leaks.

The first example is an application for creating logos and graphic design with more than ten million downloads.


In the second case, CPR experts found an open database with a large amount of confidential information: bank details, geolocation, phone numbers, personal messages, purchase history and much more. The disclosed data belongs to users of the platform for listening to podcasts and other audio content with more than 5 million downloads.


Another example is an accounting application for small and medium-sized businesses, which has been downloaded more than a million times. More than 280 thousand telephone numbers associated with at least 80 thousand company names, as well as addresses, information about the bank account balance and cash stock at the cash register, invoices and email addresses, were publicly available.


Check Point Research researchers searched VirusTotal for mobile applications that interact with cloud services, and selected from them those that have access to data.

"In this study, we show how easy it is to find datasets and critical resources that are open in the cloud to anyone who can access them through a browser," said Lotem Finkelstin, head of threat analysis at Check Point Software Technologies. "We describe how you can do it. The method involves searching public file repositories (such as VirusTotal) for mobile applications using cloud services. For example, a hacker can request a full path to the cloud backend of a mobile application from VirusTotal. We give a few examples that we were able to find there ourselves - everything that we found is available to anyone. Our research proves how easily data can be leaked or exploited. The amount of confidential information that is in the public domain and available in the cloud to anyone is incredible. And hacking the cloud is much easier than we think."

2021

Dozens of games with built-in Trojan found in AppGallery app catalog

On November 23, 2021, Doctor Web announced the discovery of dozens of games in the AppGallery catalog with a Trojan Android.Cynos.7 built into them, which collects information about users' mobile numbers. Dangerous games were installed by at least 9,300,000 owners of Android devices. Read more here.

McAfee discovers smart fraud apps on Google Play

Another wave of fraudulent apps has infiltrated the Google Play store, targeting Android users in Southwest Asia and the Arabian Peninsula - there were already more than 700,000 downloads before the McAfee Mobile Research team discovered them, and began removing them with Google. McAfee announced this on April 30, 2021. Read more here.

Avast detects fraudulent apps on Google Play and Apple App Store

On March 25, 2021, Avast, a company in the field of digital security and protection solutions, announced the discovery of more than 200 fleeceware applications in the App Store and Google Play. SensorTower, a mobile app marketing research and analytics company, estimates the apps have been downloaded more than a billion times. As of March 2021, they have generated more than 400 million dollars in revenue. Scammers earned $4.5 million from Russian Apple users; fleeceware applications were downloaded 23.2 million times. Android device users spent $400,000 on subscriptions, downloading apps 21.6 million times. Avast immediately sent lists of detected fleeceware applications to Apple and Google.

Fleeceware is a comparatively young type of fraud. The user is offered an interesting application with a free trial period, most often three days. The app then automatically charges a disproportionately high subscription fee. For example, the FortuneScope app, after a short trial period, charges $66 (approximately 5,000 rubles) a week, which will cost the victim $3,432 (about 300,000 rubles) a year if the subscription is not canceled. It is not enough to simply remove the application: the subscription must be canceled in the settings of the app store. Advertisements for fleeceware applications often appear on social networks such as Facebook, Instagram, Snapchat and TikTok.

"The fleeceware applications discovered are mostly musical instrument simulators, photo editors, filters for the camera, applications for chiromancy and predicting the future, as well as for reading QR codes and PDF files. Despite the fact that these applications mainly perform their functions, it is unlikely that users would want to regularly pay for an expensive subscription if they knew its real cost. Especially given the existence of cheaper or even free analogues of such applications," says Jakub Vavra, a threat researcher at Avast. "It seems that fleeceware applications are primarily aimed at children and adolescents. This conclusion can be made on the basis of colorful screenshots and advertising banners of such applications on social networks, in which it is proposed to 'download' or 'install' such applications for free. While parents will notice weekly cash write-offs, the creators of fleeceware applications can already receive significant income."

Avast researchers discovered fleeceware applications for Android using the apklab.io mobile threat analysis platform, and then decided to check their presence in the Apple App Store.

Avast recommends that users be careful when downloading and using apps as the subscription feature becomes more common. Here are some tips from Avast experts to help protect yourself from fleeceware applications:

  • Check subscription terms. Check how much a subscription to such an application will cost after the end of the trial period, and think about whether it is worth paying for it regularly.
  • Take a critical view of app advertising. Advertising fleeceware applications attracts the attention of users with colorful images and tempting promises that most likely do not reflect the real functionality of the application.
  • Read the small print. Carefully read the description of the application, paying special attention to the item "Purchases in the application." Read the terms of the subscription, even if there is a free trial period, since the fee can be charged automatically.
  • Protect payments. Make sure that access to payment methods is protected by a password or biometric verification. In this case, children will not be able to accidentally subscribe.

State mobile applications in Russia analyzed for potential privacy risks for users


The original study talked about the potential privacy risks that come from advertising SDKs, and Google's AdMob in particular. It was noted that the corresponding module is located in the applications "Public services of Ugra", "EMIAS INFO", "Check", "COVID-19", "FL Taxes", "Entrepreneur's Personal Account", "EIS" and "MES Diary". In reality, it is not in them. All of these programs were created using the React Native development toolkit, as well as the React Native Firebase module set for it. It is these modules that contain certain strings with the names of some AdMob components, which is why static analysis could mistakenly indicate the presence of a full-fledged advertising SDK.

Of all the tested applications, AdMob was found only in "Public services"; however, in this case the fears were in vain: the module here is simply not used in any way. Most likely, it got into the program by accident. The fact is that "Public services" is not a classic Android application. It was created using the specialized Xamarin framework. The main logic of such a program is located in separate DLL files, while the application's executable DEX file contains the Xamarin SDK. For code from DLL files to gain access to Google services, special plugins are required. It is very likely that the AdMob ad SDK code got into the application with one of the sets of such plugins.

Both the Xamarin SDK and React Native can be used to simplify cross-platform development.
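The false positive described above can be reproduced with a few lines of DEX parsing. The following is an added example, not code from Dr.Web or from the original study: it separates a name that merely occurs in the DEX string pool from a type the code refers to and from a class the file actually defines. The package name `com.google.android.gms.ads` (Google Mobile Ads) is used as the signature, and the sample files are constructed byte layouts that fill in only the header fields and tables the parser reads.

```python
import struct

PKG = "com.google.android.gms.ads"   # package of the Google Mobile Ads (AdMob) SDK

def _uleb128(buf, pos):
    """Decode an unsigned LEB128 integer; return (value, next position)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def _u32_table(buf, off, count, stride=4):
    """Read the first uint32 of each fixed-size table entry."""
    return [struct.unpack_from("<I", buf, off + stride * i)[0] for i in range(count)]

def parse_dex(buf):
    """Return (string pool, referenced type descriptors, defined class descriptors)."""
    if buf[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    s_size, s_off, t_size, t_off = struct.unpack_from("<4I", buf, 0x38)
    c_size, c_off = struct.unpack_from("<2I", buf, 0x60)
    strings = []
    for data_off in _u32_table(buf, s_off, s_size):
        _, start = _uleb128(buf, data_off)     # skip the UTF-16 length prefix
        end = buf.index(b"\0", start)          # string data is NUL-terminated
        # MUTF-8 equals UTF-8 for the ASCII names this check looks at
        strings.append(buf[start:end].decode("utf-8", "replace"))
    types = [strings[i] for i in _u32_table(buf, t_off, t_size)]
    defined = [types[i] for i in _u32_table(buf, c_off, c_size, stride=32)]
    return strings, types, defined

def naive_string_match(buf, package):
    """What a grep-style scanner reports: the name occurs somewhere in the file."""
    return package.encode() in buf or package.replace(".", "/").encode() in buf

def classify_sdk(buf, package):
    """Grade the evidence for an SDK package inside one DEX file."""
    strings, types, defined = parse_dex(buf)
    slashed = package.replace(".", "/")
    prefix = "L" + slashed + "/"
    if any(d.startswith(prefix) for d in defined):
        return "bundled"        # SDK classes are defined in this file
    if any(t.startswith(prefix) for t in types):
        return "referenced"     # code refers to SDK types defined elsewhere
    if any(package in s or slashed in s for s in strings):
        return "string-only"    # only a text constant: the false-positive case
    return "absent"

def build_sample_dex(strings, type_idxs, class_type_idxs):
    """Constructed sample: header, string_ids, type_ids, class_defs, string data."""
    s_off = 0x70
    t_off = s_off + 4 * len(strings)
    c_off = t_off + 4 * len(type_idxs)
    data_off = c_off + 32 * len(class_type_idxs)
    string_ids, data = b"", b""
    for s in strings:                          # sample strings are < 128 chars,
        string_ids += struct.pack("<I", data_off + len(data))
        data += bytes([len(s)]) + s.encode() + b"\0"   # so the length is 1 byte
    header = bytearray(0x70)
    header[:8] = b"dex\n035\0"
    struct.pack_into("<4I", header, 0x38, len(strings), s_off, len(type_idxs), t_off)
    struct.pack_into("<2I", header, 0x60, len(class_type_idxs), c_off)
    type_ids = b"".join(struct.pack("<I", i) for i in type_idxs)
    class_defs = b"".join(struct.pack("<I", i) + bytes(28) for i in class_type_idxs)
    return bytes(header) + string_ids + type_ids + class_defs + data

APP = "Lcom/example/app/MainActivity;"          # constructed app class
AD_CLASS = "Lcom/google/android/gms/ads/AdView;"
# Constructed samples: AdMob name as a plain string, as a referenced type, as a defined class
SAMPLE_STRING_ONLY = build_sample_dex([APP, "com.google.android.gms.ads.AdView"], [0], [0])
SAMPLE_REFERENCED = build_sample_dex([APP, AD_CLASS], [0, 1], [0])
SAMPLE_BUNDLED = build_sample_dex([APP, AD_CLASS], [0, 1], [0, 1])

if __name__ == "__main__":
    for name in ("SAMPLE_STRING_ONLY", "SAMPLE_REFERENCED", "SAMPLE_BUNDLED"):
        buf = globals()[name]
        print(name, naive_string_match(buf, PKG), classify_sdk(buf, PKG))
```

A "bundled" result still does not show that the SDK is ever called, which is the "Public services" situation; that takes call-graph or runtime analysis. An APK can also carry several classesN.dex files, and each one has to be checked.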

Another question from the researchers was caused by the AltBeacon and Estimote service modules found in the Go to Museum and Zaryadye applications. However, they are only used to work with special devices - Bluetooth beacons installed in museums for the convenience of users. With their help, for example, it is determined next to which exhibit the visitor is located. At the same time, the AltBeacon module does not send telemetry to a remote server, while the Estimote module has been modified so that the analytics it collects are transmitted not to a foreign resource, but to the Zaryadye park server. Therefore, in these cases, neither module can be attributed to full-fledged (and even more dangerous) trackers.

Another module noted in the study is HockeyApp, contained in the Moscow Parking app. The analytics service related to it was finally closed back in 2019 and has not been functioning for a long time, so there should be no complaints about it. Most likely, the module got into the study by mistake, since some programs still have certain traces of it.

At the same time, as pointed out in the study, many of the programs reviewed by the virus laboratory do contain an SDK from Facebook. However, this module is used, for example, to register accounts through the social network, and also provides functions such as "Share." No collection of sensitive information by the SDK was identified.

It would seem that there is nothing to worry about. But there was also a fly in the ointment. Dr.Web noted that various analytics services mainly operate with impersonal user data, which in itself is not so scary. The exceptions are Google's advertising ID and accurate location data, and here there are already certain privacy risks. In the Android OS, any application can access the advertising identifier. Suppose that some online communication program associated this identifier with personal data (name, surname, email address, phone number) and then passed this information to a third party that suffered a leak, so that the data ended up on the Internet. Using the same advertising ID, this information can be matched with data obtained through analytics modules (for example, information about the location of your device or actions performed in applications). As a result, there is a potential danger that you will be monitored and that someone will at least know who you are and where you are. This in itself is already a lot for marketers and advertisers. Needless to say, it will also be valuable to intruders.

The good news is that analytics modules and trackers usually do not collect accurate geolocation data. However, experts from the virus laboratory found that some of them (if they have access to the corresponding function) still do this - possibly for internal use. For example, the Mapbox mapping service module, used in a number of the studied applications, collects certain telemetry, which also includes accurate geolocation. However, it does not use Google's advertising identifier, and therefore such data can be considered impersonal. Another module - from the Flurry service - also collects location data, but only approximate data. To do this, the SDK itself forcibly reduces the accuracy of the data before sending it to the server, which also cannot be regarded as a threat. It is noted that all tracking platforms can track the approximate location using an IP address if, for example, there is no access to geolocation.

But the Amplitude service module used in the Moscow Transport application is the most controversial of the services considered. It is not located in Russian jurisdiction, collects accurate location data and allows tracking advertising identifiers, which carries potential risks of disclosing confidential information. In addition, it records some data entered by the user - for example, the requested route, if it could not be built. These actions do not carry direct risks in themselves, but for some people they may be unacceptable. Moreover, this module could easily be dispensed with.

It is also worth noting that all trackers allow developers to disable location data collection (which is active by default), but they did not use this function.

The main conclusion is as follows: trackers and various analytics modules in most of the programs studied do not pose a direct threat to privacy, with the exception of the controversial module used in the Moscow Transport application. However, this is true for the versions of the applications that were current at the time of analysis. Developers can change the software by removing or adding third-party modules, so the situation with the data collected, user privacy and the security of government programs may change over time.

Dr.Web recommends:

1. To make it difficult for analytics services and advertisers to collect information, periodically you need to change the advertising identifier of the Android device. To do this, go to the system settings menu, go to the Google section, select "Advertising" and then the "Reset advertising ID" option. This will make it more difficult to link the collected data from various sources to each other.

2. Use the Dr.Web for Android antivirus - it detects harmful tracker modules, as well as unwanted advertising modules that can be dangerous.

2020

7 mobile browsers vulnerable to address bar spoofing

Rapid7 specialists, together with Pakistani security researcher Rafay Baloch, have discovered ten vulnerabilities in seven mobile browsers that allow the URL shown in the address bar to be spoofed. This became known on October 21, 2020. The list of vulnerable browsers includes Apple Safari, Opera Touch and Opera Mini, as well as niche products such as Bolt, RITS, UC Browser and Yandex.Browser.

Researchers discovered the vulnerabilities earlier in 2020 and reported them to manufacturers in August. While large vendors immediately released fixes, smaller ones did not even bother to answer.

CVE identifiers are assigned to only six out of ten vulnerabilities:

CVE-2020-7363 and CVE-2020-7364 - still unfixed vulnerabilities in UC Browser for Android;

CVE-2020-7369 - vulnerability in Yandex.Browser for Android was fixed by the vendor on October 1 in version 20.8.4;

CVE-2020-7370 - a vulnerability in the iOS version of Bolt;

CVE-2020-7371 - vulnerability of the Android version of RITS;

CVE-2020-9987 is a vulnerability in Apple Safari. Fixed by the vendor[1].

Roskomnadzor will block pirated applications for smartphones

On May 27, 2020, the State Duma adopted in the second and immediately in the third readings a bill to block pirated mobile applications. The innovation should come into force on October 1.

According to the new amendments to the federal law "On Information, Information Technologies and Information Protection," Roskomnadzor will be able to block illegal media content not only on sites, but also in mobile applications within one day after the application of the copyright holder and by a court decision. In the original version of the bill, the responsibility for blocking was assigned to the authors of the applications and to telecom operators. Amendments to the second reading extended this obligation to application aggregators (in particular, the App Store, Google Play and Huawei AppGallery).

The State Duma adopted a law on blocking mobile applications with pirated content

It follows from the text of the document that Roskomnadzor sends a notice of violation of copyright and related rights to the owner of the information resource on which the application is located, indicating the work, its author, copyright holder, name and owner of the application with the requirement to restrict access to illegal content. The information resource, in turn, informs the owner of the application within one working day, who must fulfill the specified requirements within one working day. In case of its refusal or inaction, the information resource is obliged to block the corresponding application no later than three working days from the date of receipt of the notification of Roskomnadzor.

Market participants proposed to soften the project on blocking applications

Representatives of the Russian Association of Electronic Communications (RAEK), the Association of Trading Companies and Manufacturers of Electric Household and Computer Equipment (RATEK) and the American Chamber of Commerce in Russia proposed softening the bill on blocking pirated content in mobile applications, limiting the potential powers of Roskomnadzor to block them. The letters were sent to the Chairman of the State Duma Vyacheslav Volodin, to the Committee on Information Policy and the Ministry of Communications. This became known on May 26, 2020.

The second reading of the bill is scheduled for May 27, 2020. The adoption of this initiative will require Apple and other app store owners to invest in content moderation in Russia and may lead to legal risks for them.

The authors proposed not to block the entire application, but to restrict access to certain content if there is a technical possibility. It is also proposed to extend the period for consideration of claims of copyright holders and notifications of Roskomnadzor to nine days.

According to the head of the State Duma Committee on Information Policy with the Ministry of Communications and Public Legal Administration of the President Alexander Khinshtein, the members of the committee do not support the proposals of the associations, since the bill is aimed at blocking only content that violates copyright, and not applications in general[2].

From October 1, Russia wants to introduce blocking of pirated mobile applications

On May 26, 2020, it became known that the State Duma passed the second reading of the bill, which amends the law "On Information, Information Technologies and Information Protection." If it is approved in the third reading, considered by the Federation Council and signed by the president, then from October 1, 2020 it will be possible in Russia to block any Android or iOS application through the courts if it is proven to be pirated or a complaint is received.

Copyright holders who find a violation of their content or information will be able to sue and demand blocking not only the site where it is, but a mobile application, if any.

Responsibility for pirated content is to be borne not only by the violators themselves, but also by the services that host these applications. That covers all online app stores, including the App Store, Google Play, Huawei AppGallery and others.

The Russian court and the requirements of Roskomnadzor may oblige them to remove the prohibited application. However, the installation of APK files cannot be tracked, so pirated content can still be distributed by other means[3].


Main article: Blocking sites and applications in Russia

2019

About 90% of Russian popular Android applications transfer personal data to third parties

On October 2, 2019, it became known that the online publication The Bell, using the AppCensus service and the Exodus application privacy audit platform, analyzed which data is processed and transmitted by popular Android applications in the Russian Google Play Store, as well as what permissions they request from users.

According to the results, 89 of the top 100 free applications send user data to third-party platforms. Almost all applications transmit information via both encrypted and unencrypted Android Ad ID channels. Thus, this not only allows Google's advertising system to easily associate the device with a specific user, but also provides third parties with access to users' personal information, including geolocation. The leader in the number of data channels was the Read Free application from Litres, with 31 channels. The Channel One application, in turn, ranks first in the number of unencrypted streams. It also turned out that the applications of Channel One, the Rossiya TV channel and NTV use the HTTP protocol instead of the safer HTTPS when transmitting data to the Mediascope media meter.

Almost all analyzed applications (97 out of 100) use advertising trackers that help search engines and social networks recognize a specific account and show targeted ads. Exodus specialists found the largest number of trackers in the popular "looped" video service Coub - 30 trackers.

As for permissions, among the most popular applications in the Google Play Store, those from VK (formerly Mail.ru Group) request the most. VK applications request 60 different permissions, including access to geolocation, camera, microphone, call and message history, and user device data.

According to Symantec, 46% of all Android applications request access to the smartphone camera, and 25% request access to audio recording without notifying the user[4].

A comparative study of the security of twelve popular mobile dating apps

On September 24, 2019, the company "Rostelecom-Solar" for the "velvet season" conducted a comparative study of the security of twelve popular mobile dating applications: Tinder, Badoo, Loveplanet, Mamba, Photostrana, Topface, FriendAround, MyFriends, Galaxy, Знакомства@mail.ru, Teamo and Hitwe. Applications for analysis were selected according to the criterion of popularity: the number of downloads on Google Play and the App Store, as well as positions in various ratings of dating sites. All applications were examined in their versions for the iOS and Android mobile operating systems.

Every year, online dating services are becoming more attractive to both the target audience and investors. According to Mark Kelly, an analyst at the Japanese holding Nomura Instinet, by 2020 the volume of the global online dating market will grow to $12 billion. The statista.com portal estimated the volume of the Russian online dating market in 2017 at $66 million. At the same time, the transition of the audience to mobile applications was called the current market trend, the share of which, according to analysts, reached 60% by the end of 2018.

Unexpectedly, according to the results of automated analysis, in the Android version of the Знакомства@mail.ru application, which is positioned by the creators as the leader of the Russian dating services market, a highly critical vulnerability was discovered, which is included in the international rating of the most critical vulnerabilities "OWASP Mobile Top 10 2016." If it is successfully exploited, an attacker can access the application user account and, accordingly, all unencrypted information that the application transmits to the server. This and other vulnerabilities did not allow Знакомства@mail.ru to rise above the penultimate place in the list in terms of security among applications with more than 5 million installations (8 out of 12 studied applications).

"Due to a vulnerability of this class, a hacker can become the owner of a user's login and password, use them to log into the application and gain access to the correspondence, video and audio content that the account owner exchanged with acquaintances in the application. This content can become compromising material on any person in whom the attacker is, for one reason or another, interested. This information can be posted on the network, as was the case with the infamous dating site Ashley Madison. Finally, users are often too lazy to remember different logins and passwords and use the same pair for an account in a dating application and, for example, for access to an online bank, which in turn already creates financial risks,"

In general, according to the results of an analysis of Android versions, Teamo and Photostrana turned out to be the most protected dating applications: the overall level of security of both applications is 3.2 points out of 5.0. Global market stars - applications with more than 100 million installations - Badoo and Tinder showed average security levels of 2.9 and 2.6 points, respectively. The most vulnerable was the MyFriends application (1.9 points out of 5.0).

In 83% of the studied Android dating applications, the encryption key is hardcoded in the source code. This critical vulnerability can compromise the data contained in the program, both user and system data. In addition, all examined Android dating apps allow an internal leak of valuable information that an attacker can use to plan an attack on the app. All of them also contain a vulnerability that could allow an attacker to execute arbitrary code in the application.

As for the iOS applications considered in the study, the Hitwe dating service contains the fewest vulnerabilities of all of them - it managed to score 1.0 out of 5.0 in terms of overall security. The iOS versions of the world brands Badoo and Tinder, as in the case of Android, took the middle positions in the ranking - the overall level of security of both is 0.5 points. Topface (0.0 points) is recognized as the most insecure application based on iOS.

All analyzed iOS versions contain a weak hashing algorithm, which could potentially lead to a loss of privacy of the data they process. More than half of them also use weak encryption algorithms, which exposes them to being broken by exhaustive brute force. In general, iOS versions of mobile dating services contain an order of magnitude more vulnerabilities than Android applications, which, however, is somewhat offset by the higher security of the operating system itself.

The security analysis of the code of mobile dating applications was carried out automatically using Solar appScreener, a Russian software product for checking the security of applications. The solution uses static, dynamic, and interactive analysis methods. In the preparation of the study, the decompilation and deobfuscation module was disabled. Static analysis was performed on the binary code of mobile applications in automatic mode.
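The hardcoded-key, weak-hash and weak-cipher findings described above can be illustrated with a small source-level check. This is an added example, not part of the study and not how Solar appScreener works; the Java sample, the `scan` function and the lists of weak algorithms are assumptions made for the illustration.

```python
import re

# Constructed Java source for illustration; not taken from any real application.
SAMPLE_JAVA = '''\
public class MessageCrypto {
    private static final String CHAT_KEY = "k3y4chat";

    byte[] encrypt(byte[] msg) throws Exception {
        SecretKeySpec key = new SecretKeySpec(CHAT_KEY.getBytes("UTF-8"), "DES");
        Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(msg);
    }

    String passwordHash(String pw) throws Exception {
        return hex(MessageDigest.getInstance("MD5").digest(pw.getBytes()));
    }

    SecretKeySpec wrap(byte[] derivedKey) {
        return new SecretKeySpec(derivedKey, "AES");
    }
}
'''

# String or byte[] variables initialised from a literal in the source text.
LITERAL_CONST = re.compile(r'\b(?:String|byte\[\])\s+(\w+)\s*=\s*["{]')
# First argument of SecretKeySpec: a string literal or an identifier.
KEY_SPEC = re.compile(r'new\s+SecretKeySpec\s*\(\s*(?:"[^"]*"|(\w+))')
GET_INSTANCE = re.compile(r'\b(MessageDigest|Cipher)\.getInstance\s*\(\s*"([^"]+)"')
WEAK = {"MessageDigest": {"MD2", "MD4", "MD5", "SHA1", "SHA-1"},
        "Cipher": {"DES", "RC2", "RC4", "ARCFOUR"}}
KIND = {"MessageDigest": "weak-hash", "Cipher": "weak-cipher"}


def scan(source):
    """Return (line, kind, detail) findings; a line-based heuristic, not data-flow analysis."""
    literals = set(LITERAL_CONST.findall(source))
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = KEY_SPEC.search(line)
        # Flag a key built from an inline literal or from a variable holding one.
        if m and (m.group(1) is None or m.group(1) in literals):
            findings.append((lineno, "hardcoded-key", m.group(1) or "<inline literal>"))
        for api, transformation in GET_INSTANCE.findall(line):
            algorithm = transformation.split("/")[0].upper()
            if algorithm in WEAK[api]:
                findings.append((lineno, KIND[api], transformation))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_JAVA):
        print(finding)
```

The `wrap` method is not flagged because its key arrives as a parameter rather than from a literal embedded in the source.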

Russia is the leader in cyber threats for Android

Russia ranks first in the number of malicious programs created for Android according to Eset for the first half of 2019. At the same time, 68% of vulnerabilities are critically dangerous for the normal functioning of Android devices or for the security of users' personal data. This figure is significantly higher than last year. Experts believe that the number of vulnerabilities in mobile applications developed for various platforms will continue to grow in proportion to the growth in development volumes.

According to the study, the largest number of malware was detected in Russia (16%), Iran (15%), as well as in Ukraine (8%). Experts concluded that the number of vulnerabilities in Android devices has decreased, but the share of really dangerous malware samples has increased significantly. Thus, the number of mobile threats decreased by 8% compared to the same period in 2018. "One of the most common types of mobile threats remains ransomware. The recently discovered Android/Filecoder.C uses both symmetric and asymmetric encryption and is distributed via SMS messages over the contact list. This is a clear example of the complexity of functionality compared to early ransomware families such as DoubleLocker," the report says.

ESET researchers emphasized that with the development of the Internet of Things, the need to protect not only laptops and smartphones, but also all devices connected to the network is increasing.

76% of mobile apps have unsafe data storage

On June 19, 2019, Positive Technologies reported that its experts tested mobile applications for iOS and Android and found that most applications store data insecurely, and a hacker rarely needs physical access to the victim's smartphone to steal it.

According to the study, Android applications with critical vulnerabilities are somewhat more common than iOS programs (43% versus 38%). However, this difference is insignificant, experts say, and the overall level of security of client parts of mobile applications for both platforms is approximately the same.

Experts called unsafe data storage, which is found in 76% of mobile applications, the most common vulnerability: passwords, financial information, personal data and personal correspondence may end up in hackers' hands.

"To steal data, attackers rarely need physical access to the victim's smartphone: 89% of the vulnerabilities we discovered can be exploited using malware. The likelihood of infection increases significantly on devices with administrative privileges (root or jailbreak). But malware can raise rights on its own. Once on the victim's device, the malware can request permissions to access user data, and, having received permission, transfer data to attackers. We encourage users to be careful about notifications from applications requesting access to any features or data. Do not grant access permission if there is doubt that it is necessary for the normal operation of the application," says Yana Avezova, information security analyst at Positive Technologies.

As the results of the study showed, server parts are no less vulnerable than client parts: 43% have a low or extremely low level of security, while 33% contain critical vulnerabilities. Among the most common high-risk flaws in server parts are insufficient authorization and information leakage.

2010: Mobile malware problem exaggerated in many ways

The development of mobile Internet, of course, gave rise to cyber threats for phone owners. However, according to experts, the problem of malware specially developed for mobile devices is in many ways exaggerated. The fact is that the unimaginable number of viruses for ordinary PCs cannot be compared with the "few" dozens of malware for mobile phones.

For example, the lion's share of mobile viruses was written for Symbian OS, one of the most common software platforms for Nokia Corporation smartphones and communicators. However, with the advent of the next version of this platform in 2006, the risk of infection began to tend to zero. In short, any operating system for "mobile phones" tries, as efficiently as possible, to protect its user from possible "infection."

However, this does not mean at all that there are no viruses for these devices at all. So, in 2008, one of the few mobile viruses for Symbian OS 9.1 S60 3rd Edition appeared - the Sexy View program, a distinctive feature of which was that it was signed with a valid Symbian security certificate. This virus sent SMS with a link to itself, and the purpose of the virus was to collect confidential information about the infected device (IMEI, etc.). In addition, the FlexiSpy cross-platform application already known from previous versions of software platforms, which steals personal information of the subscriber, exists for this version of the OS.

To prevent "infection" with mobile viruses, you need to find out as much information as possible about the application that the user is going to download. To do this, you can use the Internet: as a rule, various specialized forums have information about malicious software. In addition, you can try to contact representatives of the site from which the program is to be downloaded. Finally, you can turn to the creators of antivirus software.

Superapps

Main article: Superapps

Web Application Portals

Today, in addition to independent Internet platforms for the distribution of mobile applications, leading manufacturers of cell phones, smartphones and communicators create their own similar resources. Some of them already have or plan to open their own platform for the sale of mobile applications in the near future. Such specialized portals for distributing mobile software already exist at the iPhone manufacturer Apple (App Store), Nokia Corporation (Ovi), the BlackBerry smartphone manufacturer RIM (BlackBerry App World and Application Center), Google (Android Market), Sony Ericsson (PlayNow arena) and a number of others. In addition to the applications themselves, these online resources also sell a variety of mobile content (music, videos, pictures, e-books, etc.).

Application Development Tools

In addition, manufacturers of mobile phones, smartphones and communicators and creators of operating systems, as well as mobile operators, release software tools for creating mobile applications. They are offered on the basis of both open and closed software and are often designed to write applications for a specific operating system, which often means for a specific model of a mobile device (for example, iPhone, Google phones or Nokia Corporation smartphones).

Links