In response to the precedent being set with the distribution of the Fortnite for Android app outside of the Google Play store, two experts with OneSpan offer perspective on the potential implications for banks and others relying on mobile channels for consumer transactions, as well as potential next moves the industry could take in reaction.
Samuel Bakken, Senior Product Marketing Manager at OneSpan:
“It could be argued that Epic is asking users to compromise the security of their device by making this change in their settings.
“The impact on other industries will be felt. This affects banks because, one, they’d rather not have their users allowing for the sideloading of apps (which in some cases could be malware). This could also get users into the habit of downloading apps from unofficial sources. And that’s where spoofed, repackaged banking apps can be downloaded.
“We strongly recommend only downloading apps from official app stores, and unfortunately this explodes that notion. However, app shielding technologies can prevent attackers from injecting malicious code into an app and repackaging it for distribution in unofficial marketplaces or websites, and they are also context-aware so that if a user’s Android device is rooted or allows for sideloaded apps and is potentially infected with malware, the app itself is still protected.”
Will LaSala, Director Security Solutions, Security Evangelist at OneSpan:
“In similar situations, we’ve seen instances where individuals are essentially taking a paid app and repackaging it and then republishing it on the app store for a third of the price, and they are sneaking through Google’s checking. So if they move in this direction, expect hundreds of apps, all at different prices, attempting to lure people into paying for them. In my estimation, at least half of them will use droppers and there will be a massive outbreak in malware.”