A developer’s duty: leading the charge against mobile fraud in the Philippines

By Jan Sysmans

FOR MANY PEOPLE today, their lives and their smartphones are inseparable. In the Philippines, 54.7% of consumers use mobile apps for purchasing goods and services, according to the 2024 Philippines Consumer Expectations of Mobile App Security survey by App-dome. This is about 13.2% higher than the global figure.

With how central mobile apps are to Filipinos, more than three quarters said they would ditch apps that don’t protect their data. However, the rising threat of mobile fraud backs users into a perilous position, which pushes developers to the frontline of mobile security.

THE MANY METHODS OF MOBILE FRAUD
With the help of emerging technologies like generative artificial intelligence (GenAI), cybercriminals are honing their attack strategies. GenAI enables cybercriminals to create highly personalized attacks and a sense of legitimacy in their fraud tactics, making it tougher for users to distinguish between what’s real and what’s not. Developers are hard-pressed to keep up with the evolving threat landscape, racing to ensure that applications are sufficiently secure to protect users against a variety of threats such as phishing, malware, spyware, and fraud.

Phishing, for example, has been a consistent tactic over the decade and has become more complex in recent years. According to a recent Appdome survey, 36.4% of Filipino consumers say they know someone who has been targeted by social engineering scams.

Variations of this attack — such as voice phishing (vishing) and SMS phishing — are also utilized by bad actors. In the Philippines, vishing scams of people posing as bank representatives was so common that it prompted a warning to be issued by the Philippine National Policy Anti-Cybercrime Group. Consumers were warned to stay vigilant against calls from individuals purporting to be representing a bank. These, along with advanced fraud tactics like overlay malware, work by mimicking legitimate apps, thereby tricking users into volunteering their private information. Sometimes, they may also allow access to their accounts.

Another type of attack is synthetic fraud. Malicious actors may use fake events and false identities to bypass the standard detection tools by sending signals from a seemingly legitimate endpoint. This is especially dangerous given how pervasive mobile use has become for day-to-day transactions, with over half of Filipinos telling Appdome they have a strong preference for mobile apps.

The heavy reliance on mobile apps creates the perfect environment for cybercriminals to commit fraud. Be it spyware, malware, account takeovers, or phishing, bad actors are exploiting the mobile landscape to fool consumers into compromising their device security, leading to data breaches.

CONSUMERS PREFER PREVENTIVE SECURITY
Given Filipinos’ preference for smartphones to perform daily transactions, it’s no surprise that 42.4% of consumers told App-dome they are wary of mobile fraud while 67.6% are concerns about hacking. This is reflected globally as well, with 58% of consumers citing mobile fraud as their number one concern.

This leads to the expectation for mobile fraud prevention to be built into mobile apps. The same survey found that an overwhelming 98.3% of mobile app users in the Philippines expect their mobile applications to have anti-fraud protection. This aligns with findings that 87.5% prefer preventive measures over going through the process of post-fraud reimbursements.

The challenge here is that measures in legacy applications are usually focused on base protections such as root detection/jailbreak and reverse engineering protection. Any anti-fraud measure they do have are lackluster against modern fraud tactics and tools.

Furthermore, legacy apps tend to favor the “crash to protect” method, which forces the app to crash when a security threat is detected. This is frustrating to both users and developers. The former are subjected to a challenging user experience while the latter are impacted by crash free rates.

DEVELOPERS ARE ON THE FRONTLINES
The reality of the rising threat of mobile fraud has spurred the Philippine government to act by enacting specific anti-fraud laws such as the Anti-Financial Account Scamming Act. The fact that such a law was even enacted reflects the escalating problem of mobile fraud in the Philippines. As they have their hands in the backend, developers are the ones who can build a holistic defense against modern fraud threats while also improving user experience.

The Appdome survey found that 47.3% of Filipinos hold app developers primarily responsible for mobile app security, with a whopping 77.5% ready to cancel their accounts and delete apps that fail to protect their data. This should motivate developers to keep pace with cybercriminals or, ideally, be several steps ahead.

The onus is on developers to enhance app security with responsive threat mitigation. As AI and other emerging technologies contribute to the evolution of the mobile fraud landscape, developers can also tap into advanced AI-based mobile app defense automation platforms to protect applications better. This, in turn, will ensure effective protection for mobile businesses and consumers against fraud and other cyber threats.

Developers can do so by offering responsive threat mitigation that is user-friendly. For example, this can be educating consumers about the threats that have been detected or reducing app functionality to mitigate the threat. A responsive threat response that prioritizes user experience will ensure both security and usability.

Ultimately, the approach to security needs to evolve at pace with the advancements of mobile technologies. While mobile users are not entirely defenseless, developers are responsible for fostering a safer environment for users.

Jan Sysmans is a mobile app security evangelist at Appdome.