Decades ago, large corporations and small businesses advertised in newspapers and magazines, comfortable knowing that the printed product was the most direct – and hence, financially advantageous – line of communication to reach potential customers. Then along came the radio, which began cutting into the return on investment for newspapers. Soon after, television followed radio and then desktop internet access trumped all of the predecessors. From office or home, businesses could reach customers both in their own geographic location and all over the world.
While it is safe to say that the Internet is here to stay, what is changing is the way in which consumers access their web-based information. According to a 2014 report by comScore, the majority of digital media consumption is now taking place via mobile apps. In fact, the latest data shows that consumers spend more time using mobile digital media (51%) compared to desktop access (42%). Further, many lifestyle and shopping businesses have invested in mobile apps, a segment which grew 81% in 2015.
For businesses, the implications are clear: if you are unable to reach your audience through mobile search or display, you are not reaching potential customers. However, the question that follows is: how safe are your mobile applications, once they are active? Are your digital assets secure in a treacherous world where bad actors and fake apps can hurt your business at every turn?
Fake apps: fraudsters and phonies across the digital landscape
Mobile commerce accounted for 40% of online commerce on a worldwide basis in 2015, according to a report published by Flurry, an analytics blog produced by Yahoo!. As apps continue to pop up in a variety of app stores available across mobile platforms, there are more and more opportunities for fake apps to try to divert business from legitimate companies.
Businesses need to change their expectations regarding how we consume data and mobile apps are important for two main reasons. The first reason is simply that having a mobile app allows businesses to compete in the digital marketplace. The second reason – and just as important – is that if you do not have an app for your product, you leave yourself open to fraudsters creating one to scam your customers or even sell their own products while diverting sales from you.
Several well-known examples of fake apps have been covered in the news in 2015, including that of a bitcoin wallet application called Breadwallet. A representative of the bitcoin app posted a notice to social media and discussion website Reddit, saying that “a fake Breadwallet app using the same title and icon as the real Breadwallet made it through Apple’s review process and was added to the App Store on July 29”.
If Apple’s App Store – which had been thought to be one of the most stringently secure stores in operation – was susceptible to a fake app (likely through a lapse in its vetting process), then what does that say about the other app stores out there? The reality is that the fraudsters are getting more creative, while companies like Apple might be spending less time and attention monitoring them.
The fact that Apple was susceptible, despite having one of the better screening processes, should serve as proof to consumers and business that while the big names can be relied on to screen some apps, they cannot check everything – after all, they have their own businesses to run. Companies must be diligent when they design their apps, especially with regard to who they hire to publish them and who out there is trying to duplicate them once in the marketplace.
Fraudsters are not discerning in terms of what companies they will look to poach business from: big companies and small companies are both susceptible. However, there are a few key elements to look for when monitoring the security of your business’s mobile app.
Bad actors are not in the business of building and developing a brand, so they tend to go for easy targets. Consumer brands that people interact with on a regular basis are popular targets, as is anything associated with a developing trend, such as the 2016 US election or the Olympics.
Forbes Magazine published a story in July 2016 on hackers at the Summer Olympic Games in Rio de Janeiro setting up fake Wi-Fi hotspots throughout the city. Through these unsecure hotspots, hackers were able to access data and info from mobile users, and even install malware and so-called ‘malapps’ on phones as well.
At the same time that the Olympics were dominating the news cycle, Pokémon Go was all the rage. In August 2016 it was reported that fake versions of the app were available through a third-party website for download. These apps pretended to be the genuine version of the Pokémon Go app and allowed users to access up to Level 5 in the game.
Both speak to this notion of hopping on trends with fake apps. So how do you protect yours?
Mobile app defence: monitoring and enforcement
As with traditional online content, brands can be subject to a variety of abuses in the mobile arena. Misuse can include trademark infringement, trademark dilution, corporate disparagement, fraud, unauthorised sales activity and more.
While some proactive measures are in place in certain mobile app marketplaces, sophisticated third parties can circumvent those protections and populate the landscape with fake and abusive apps or malapps. Understanding the mobile marketplace and enforcing IP rights is an important way to ensure a proper customer experience.
Because you have your own business to run, and do not have hours upon hours to devote to monitoring your own apps and chasing down the bad actors infringing your brand, it is best to employ the services of a company with experience.
Some of the best mobile app monitoring companies have tools designed to help brand holders to detect unlicensed use of their intellectual property. Typically, they focus on reviewing and vetting content, following key metrics such as mobile app names and status, links to the app, creator names, marketplaces and app price and estimated downloads.
Keeping applications secure begins with monitoring. Having analysts review your apps reduces the false positive rate and gives oversight of some of the most popular mobile marketplaces – there are plenty of platforms where bad actors can infiltrate the system and set up fake apps.
According to the Digital Millennium Copyright Act, online service providers such as Google Play, the Apple Store and Windows Phone are not responsible for infringements conducted through their platforms, but are obliged to act once someone has brought an infringement to their attention. For example, the malicious bitcoin apps (eg, GreenBits, Blockchain and BitcoinCore) were not shut down until a Breadwallet representative brought them to Apple’s attention.
Each mobile app marketplace supports a dispute resolution programme in some guise, but they generally allow trademark holders to assert their rights when violations appear. However, these dispute programmes are not proactive and respond only when a complaint is filed. Even Apple offers a blank statement to those looking to dispute an app, which reads: “Once you have identified the app and described the alleged infringement on the following pages, we will respond via email with a reference number and will put you in direct contact with the provider of the disputed app.”
Essentially, the burden falls on the brand holder. Complaints can typically be filed directly – which requires knowledge of the disparate dispute policies – or via an authorised agent, such as a law firm or dedicated service provider. Many are willing to pay for the expedited service and hassle-free experience of using an outside partner.
Best practices for mobile app defence
There are five basic ways to determine what mobile apps you have and how to monitor and protect yourself online.
Identify your mobile app portfolio
Start the process by taking a hard look at how many apps your company has and who is responsible for managing the portfolio of mobile applications. While this is a daunting task for any brand manager, because different departments may produce different apps without communicating through proper channels, even getting an imperfect understanding of the mobile marketplace requires ongoing relationships across the business. Marketing, legal and IT can put their heads together to help protect your mobile brand, starting with an inventory of the current apps you have.
Standardise your mobile presence
After you have identified your app portfolio, it is critical to standardise your mobile presence. Consistency across publisher name, style, brand use and the mobile marketplaces on which your apps appear will create a recognisable standard, which customers will quickly learn to identify. If you are working with different partners to develop and publish apps, make sure that they follow the same guidelines as your in-house teams.
Educate your customers
The line of communication between your business and your customers begins with you. Sharing your mobile app guidelines with customers and steering them away from fake or fraudulent imitators can only help to foster this relationship and keep both you and your customers safe. Financial companies have learned these lessons many times and have educational materials readily available on public-facing websites (Nationwide Insurance offers one of the best examples at www.nationwide.com/avoiding-ap...).
Monitor third-party use
While some proactive measures are in place on certain mobile app marketplaces, fraudsters can circumvent those protections and populate the market with fake and abusive apps (Breadwallet is the best example of this). They can also target secondary marketplaces which have fewer restrictions on app publication. In order to ensure a clean brand presence and prevent the dilution of your brand, you will need a programme to monitor for infringement.
Enforce your rights
Most mobile app marketplaces support a dispute resolution programme, like that of Apple and Google. However, many do not. Familiarise yourself with these programmes, which vary by marketplace, or partner with a service provider which can swiftly file disputes on your behalf. These programmes are the easiest way to remove infringing material from apps or to remove infringing apps entirely.
Corporation Service Company
2711 Centerville Road, Suite 400
Wilmington DE 19808
Tel +1 800 927 9801
Tim McKeever Product manager [email protected]
For the past 15 years, Tim McKeever has helped corporations around the world protect their brands in the digital space. His experience in brand protection includes 12 years in operations, both as an analyst and manager, as well as the last three years as product manager for CSC Digital Brand Services.
This article first appeared in World Trademark Review. For further information please visit www.worldtrademarkreview.com.