93% of Total Mobile Transactions in 2019 Were Fraudulent
A new report has found that 93 percent of total mobile transactions in 20 countries were blocked as fraudulent in 2019.
Upstream's report on the state of malware and mobile ad fraud, the “Invisible Digital Threat,” examined 1.71 billion mobile transactions, of which 1.6 billion were blocked as fraudulent, or 93 percent of the total. It is estimated that, if left unchecked, these transactions would have cost users $2.1bn in unwanted charges. For the industry as a whole, losses from online, mobile and in-app advertising reached $42 billion in 2019 and are expected to reach $100 billion by 2023, says Upstream.
The number of malicious apps discovered by Upstream in 2019 rose to 98,000, up from 63,000 in 2018. These 98,000 malicious apps had infected 43 million Android devices.
With Android devices now accounting for an estimated 75-85 percent of all smartphone sales worldwide, Android is by far the most dominant mobile operating system (OS), says Upstream. "At the same time it is the most vulnerable due to its open nature, making it a favorite playground for fraudsters," notes the report.
Of the top 100 most active malicious apps that were blocked in 2019, 32 percent are reportedly still available to download on Google Play. A further 19 percent of the worst-offending apps were previously on Google Play but have since been removed, while the remaining 49 percent are available through third-party app stores.
Apps designed to make a device function better and make everyday life easier are the ones most likely to be harmful, with 22.32 percent of malicious apps for 2019 falling under the Tools / Personalization / Productivity category globally. The next most popular categories cybercriminals target are Games (18.97 percent) and Entertainment/Shopping (15.76 percent).
Upstream reported on the suspicious background activity of five very popular Android apps: 4shared, a popular file-sharing app; Vidmate, a video downloader; Weather Forecast, a preinstalled app on Alcatel devices; Snaptube, another video and audio app; and ai.type, an on-screen keyboard app. With a total of nearly 700 million downloads, these were or had been at some point available on Google Play. In these five cases alone, Upstream detected and blocked 353 million suspicious mobile transactions, preventing $430 million in fraudulent charges.
Dimitris Maniatis, CEO of Upstream, commented, “Mobile ad fraud is a criminal enterprise on a massive scale. Though it may seem that it is only targeted at advertisers, it greatly affects the whole mobile ecosystem. Most importantly it adversely impacts consumers; eating up their data allowance, bringing unwanted charges, messing with the performance of their device, and even targeting and collecting their personal data. It is more than an invisible threat, it is an epidemic, calling for increased mobile security that urgently needs to rise up in the industry’s priority list. Left unchecked, ad fraud will choke mobile advertising, erode trust in operators and lead to higher tariffs for users.”
“A key part of successfully tackling mobile fraud is awareness”, explains Maniatis, “something that the whole industry, surprisingly, lacks. With all indicators pointing that its value will grow in the hundreds of billions in the next three years, we cannot afford to remain idle. This is the main reason we steadily and openly share all our findings with the whole community.”
“Mobile ad fraud remains a hidden threat for most consumers. It usually goes undetected and is not high on people’s agendas when choosing apps,” concluded Maniatis.