The Digital Markets Act (DMA) coming into effect in March 2024 marks a decisive turning point in the European digital landscape, by regulating the practices of major digital companies, especially the "Gamam" - Google, Apple, Meta, Amazon, Microsoft. This European Union legislation targets anti-competitive behavior, with the goal of benefiting consumers and small businesses. But won’t this legislation also benefit cybercriminals?
The end of the duopoly in the mobile application market
With the implementation of this legislation, a significant transformation is underway in the mobile application domain. Smartphone users, whether on iOS or Android, will now have the option to download apps not only from the traditional Apple App Store and Google Play Store but also through third-party app stores.
This change aims to break the duopoly of Apple and Google in the mobile application market.
Diversity of app stores, as many breaches for the security of devices
However, the concerned companies have diverse reactions, with Apple emphasizing the importance of the App Store in ensuring the safety and reliability of the apps made available to users.
Indeed, the ability for users to download apps from multiple sources increases the attack surface for potential threats. With this opening to third-party app stores, there's growing concern about malicious downloads. These alternative platforms could offer new opportunities for cybercriminals to spread harmful or intrusive apps, which collect large quantities of personal and sensitive data. In this context, it becomes crucial to adopt effective mobile security solutions, such as Pradeo's Mobile Threat Defense (MTD), which examines apps as well as network and device configuration settings.
Mobile application security put to the test by the Digital Markets Act
Another major risk lies in the proliferation of counterfeit apps. With most of internet traffic coming from mobile phones, businesses and public services heavily rely on mobile apps to provide their services. The opening of third-party app stores offers a new avenue for cybercriminals to distribute malicious clones of legitimate apps, endangering users identification data and personal information. To counter this risk, it's essential to use an anti-clone service to identify and confirm the authenticity of apps, as well as proactively monitor the web, including less regulated spaces like the dark web, to detect illegitimate apps. Pradeo plans to launch a subscription-based service for detecting clones and other app-related security information from various sources (including the dark web).
These measures are essential to ensure user safety in an increasingly open and diverse mobile app ecosystem.
As we step into this year, prioritizing application security is paramount. Pradeo offers an easy-to-set chain of control to protect mobile applications from the design phase through to end-user interactions, verifying and meeting the requirements of each stage of the Mobile Application Security Verification Standard (MASVS). In particular, Pradeo's Shielding solution prevents application cloning.