Case Study
5th Annual State of Application Security Report
Perception vs. Reality
BACKGROUND
Nearly a billion new mobile phones ship each year. Businesses that efficiently adapt to today’s “app economy” are the most successful at deepening customer engagement and driving new revenues in this ever-changing world. For hackers, this only widens the playing field. Mobile app hacking is easier and faster than ever before.
- It’s fast: Recent research found that in 84 percent of cases, the initial compromise took “just minutes” to complete.
- It’s relatively easy: There are automated tools readily available in the market to support hacking, and many of them are available for free!
- Mobile apps are “low-hanging fruit”: In contrast to centralized Web environments, mobile apps live “in the wild,” on a distributed, fragmented and unregulated mobile device ecosystem. Unprotected binary code in mobile apps can be directly accessed, examined, modified and exploited by attackers.
Hackers are increasingly aiming at binary code targets to launch attacks on high-value mobile applications across all platforms. For those of you who may not be familiar, binary code is the code that machines read to execute an application — it’s what you download when you access mobile apps from an app store like Google Play.

Challenge
Arxan Technologies is a B2B business. Consumers, and thus mainstream media, are generally unaware of the complexities behind the mobile devices they hold so dear. Arxan’s State of Application Security report brought a sense of urgency to developers and major enterprises by analyzing the top 100 paid apps in the Apple and Google Play stores. By demonstrating the overwhelming risks these apps have Arxan demonstrated the clear need for its technology solution. But, the message needed to be even broader.
Strategy
Under the advice of Lumina, Arxan paired its report findings with a consumer-facing survey about how safe consumers believed their apps to be. As a result, the risk of app hacking was given not only an enterprise narrative, but also a strong consumer-oriented angle providing a holistic view of the risks and the gravity of concerns.

Results
Combining strong enterprise risks with consumer concern resulted in a stronger story with the media. As a result, Arxan’s State of Application Security report garnered over 100 pieces of coverage in mainstream media, as well as in important vertical publications in information security and healthcare publications.
BYLINES / CONTRIBUTED ARTICLES
Pharmaceutical Compliance Monitor
2016 Check Up: Top Health Care Apps in Critical Condition – What We Need to Do Now!
Info Security Magazine
Securing Apps Critical to Advancing mHealth
Cyber Defense Magazine
2016 State of Application Security
Let’s Talk Payments
In-Depth Insights on HCE Security, HCE vs. NFC and Android Pay
Highlights
MSN Money
Hackers Set to Target Medical Records and Retailers in 2016
eWeek
Application Security Lacking in Health, Finance Apps
SC Magazine
98% of Mobile Apps Lack Binary Protection
IT Business Edge
Developers Not Walking the Walk on Mobile App Security
American Banker
Consumers Use Mobile Banking but Don’t Trust It, with Reason
Info Security Magazine
Netflix Cracks Down on Out-of-Market Streaming
Streaming Media
Video Piracy: The Simple Solution to a $6 Billion Global Problem
Health Data Management
FDA Wants More Cyber Protection for Medical Devices
Healthcare IT News
8 out of 10 Mobile Health Apps Open to HIPAA Violations, Hacking, Data Theft
Fierce Mobile Healthcare
Report: FDA-Approved Mobile Health Apps Pose Security Risks
Archer Security Group
Targeted Security and Compliance
mHealth Intelligence
mHealth App Security is a Myth, New Survey Finds
MEDIA / ANALYST BRIEFINGS SECURED
- Penny Crossman, American Banker
- Roy Urrico, Credit Union Times
- George Jones, RNN
- Christina Yanette, Signal Magazine
- Tim Clark, FactPoint
- Matt Sarrell, Sarrell Group
- Brian Santo, Light Reading
- Ernest Worthington
- John Petrik, The CyberWire
- Micah Blumberg, VRPerception
- Rae Michelle Richards, Broken Joysticks
- Robert Lemos, TechBeacon