Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
ManagementSecurity NewswireTechnologies & SolutionsSecurity & Business ResilienceRetail/Restaurants/Convenience

Will access to 3rd-party apps for Apple users create security risks?

By Josh Shaul
Apple computer/phone

Image via Unsplash

February 10, 2023

Apple has long blocked third-party app stores from its devices; however, the company will now be forced to allow European users access to alternative app stores. In an attempt to rein in monopoly power, the EU has enacted the Digital Markets Act, which requires Apple to allow its users to download apps from independent stores.

Apple argues that “sideloading” — aka, downloading apps outside of Apple’s curated store — will weaken privacy protections and expose users to security risks. But another major concern is that third-party stores on iOS could escalate the threat of brand impersonation via counterfeit mobile apps. This could impact the brand and distance loyal customers, either through poor app performance or malware consumers may associate with the brand.

Brand risks

Companies are understandably worried about an uptick in brand impersonation, with entities impersonating an established brand by releasing an unauthorized app under a similar name. The copy-cat app may market itself as the company’s official app on independent app stores.

Because not all third-party marketplaces scrutinize apps to detect counterfeits, consumers may mistakenly download the wrong app. The consumers may believe that they are getting the official app, which means that anything on the copy-cat app — from innocuous tech mishaps to serious malware infections — could hurt the original company's reputation.

Generally, risks from third-party mobile app marketplace can come in various forms, including:

  • Repackaged attacks: Scammers download legitimate apps from official app stores, insert malicious code and redistribute them on a third-party app store in order to steal users' credentials, identity or payment information. Sideloading increases this risk.
  • Low-quality clones: Bad actors can create counterfeit versions of an app that do not function properly or have a slow loading speed. Users might decide that a brand publishes low-quality apps and opt to download a competitor's app.
  • Out-of-date apps lacking functionality or security features: The purpose of app updates is to provide the best mobile experience possible and strengthen security. An out-of-date version risks a sub-par user experience or, worse, a vulnerability that exposes users to identity or payment fraud.
  • Inaccurate metrics: Marketing and cybersecurity teams want to know where consumers interact with their brand online. If consumers seek out an app, but accidentally download counterfeits, this will interfere with engagement and advertising metrics.

The consequences of counterfeit apps, especially those that infect a user’s device, are clear — a striking 63% of consumers hold brands accountable for fakes and half would stop using a mobile app if it failed to protect their data.

Mitigating third-party marketplace risks

To reduce the risks posed to your brand by third-party app stores, consider the following:

1. Stay updated on Apple’s vetting process for third-party app stores. As Apple begins to allow apps from third-party stores, it will be important for brands to monitor Apple’s efforts to maintain security. How will third-party app stores be vetted? How will a third-party marketplace validate that a submitter owns the trademark or IP? It’s important for brands to follow all the related developments concerning these questions. With all of this in mind, CISOs and their marketing counterparts will then need to decide whether they want customers downloading their apps from third-party stores.

2. Automate monitoring of app marketplaces. Getting a handle on the use or abuse of a brand on mobile app marketplaces requires automation. And it’s a big job. There are 36,000 iOS app releases each day on the Apple App Store and 97,000 Android app releases on Google Play, and that’s not accounting for third-party marketplaces. Online brand protection vendors have built AI-powered systems that can automate the monitoring process.

3. Document a response plan for impersonations. Upon discovering an unauthorized version of a mobile app, it’s important to know what will be done. To be proactive, be familiar with the trademark violation reporting policies of the Apple App Store, Google Play Store and third-party stores. However, be realistic about the process of forcing an app to be removed from an app store — it’s not as simple as an email request, even when working with trustworthy app marketplaces.

Keep in mind that there are some independent marketplaces that exist entirely to publish apps that violate more mainstream app stores’ policies. So, be vigilant in looking for reputable app publishing platforms because brand identity and consumer security are on the line.

KEYWORDS: app Apple security counterfeit data protection malicious code

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Josh Shaul is the CEO of Allure Security.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC 500 Panel header

    Panelists will discuss third-party risks at SECURITY 500 Conference

    See More
  • apple security

    Apple failed to disclose security incident affecting 128 million users in 2015

    See More
  • Security Podcast- Welch.jpg

    Listen to Michael Welch and how to address fourth-party risks and improve supply chain security in our latest The Security Podcast episode

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing