Apple has long blocked third-party app stores from its devices; however, the company will now be forced to allow European users access to alternative app stores. In an attempt to rein in monopoly power, the EU has enacted the Digital Markets Act, which requires Apple to allow its users to download apps from independent stores.
Apple argues that “sideloading” — aka, downloading apps outside of Apple’s curated store — will weaken privacy protections and expose users to security risks. But another major concern is that third-party stores on iOS could escalate the threat of brand impersonation via counterfeit mobile apps. This could impact the brand and distance loyal customers, either through poor app performance or malware consumers may associate with the brand.
Brand risks
Companies are understandably worried about an uptick in brand impersonation, with entities impersonating an established brand by releasing an unauthorized app under a similar name. The copy-cat app may market itself as the company’s official app on independent app stores.
Because not all third-party marketplaces scrutinize apps to detect counterfeits, consumers may mistakenly download the wrong app. The consumers may believe that they are getting the official app, which means that anything on the copy-cat app — from innocuous tech mishaps to serious malware infections — could hurt the original company's reputation.
Generally, risks from third-party mobile app marketplace can come in various forms, including:
- Repackaged attacks: Scammers download legitimate apps from official app stores, insert malicious code and redistribute them on a third-party app store in order to steal users' credentials, identity or payment information. Sideloading increases this risk.
- Low-quality clones: Bad actors can create counterfeit versions of an app that do not function properly or have a slow loading speed. Users might decide that a brand publishes low-quality apps and opt to download a competitor's app.
- Out-of-date apps lacking functionality or security features: The purpose of app updates is to provide the best mobile experience possible and strengthen security. An out-of-date version risks a sub-par user experience or, worse, a vulnerability that exposes users to identity or payment fraud.
- Inaccurate metrics: Marketing and cybersecurity teams want to know where consumers interact with their brand online. If consumers seek out an app, but accidentally download counterfeits, this will interfere with engagement and advertising metrics.
The consequences of counterfeit apps, especially those that infect a user’s device, are clear — a striking 63% of consumers hold brands accountable for fakes and half would stop using a mobile app if it failed to protect their data.
Mitigating third-party marketplace risks
To reduce the risks posed to your brand by third-party app stores, consider the following:
1. Stay updated on Apple’s vetting process for third-party app stores. As Apple begins to allow apps from third-party stores, it will be important for brands to monitor Apple’s efforts to maintain security. How will third-party app stores be vetted? How will a third-party marketplace validate that a submitter owns the trademark or IP? It’s important for brands to follow all the related developments concerning these questions. With all of this in mind, CISOs and their marketing counterparts will then need to decide whether they want customers downloading their apps from third-party stores.
2. Automate monitoring of app marketplaces. Getting a handle on the use or abuse of a brand on mobile app marketplaces requires automation. And it’s a big job. There are 36,000 iOS app releases each day on the Apple App Store and 97,000 Android app releases on Google Play, and that’s not accounting for third-party marketplaces. Online brand protection vendors have built AI-powered systems that can automate the monitoring process.
3. Document a response plan for impersonations. Upon discovering an unauthorized version of a mobile app, it’s important to know what will be done. To be proactive, be familiar with the trademark violation reporting policies of the Apple App Store, Google Play Store and third-party stores. However, be realistic about the process of forcing an app to be removed from an app store — it’s not as simple as an email request, even when working with trustworthy app marketplaces.
Keep in mind that there are some independent marketplaces that exist entirely to publish apps that violate more mainstream app stores’ policies. So, be vigilant in looking for reputable app publishing platforms because brand identity and consumer security are on the line.