Could Mobile Apps Plunge Insurers into Their Own Disasters? - Mi3 Security

Mobility is now a big deal for the insurance industry. Some insurance companies have developed their own apps to help customers find an insurance agent, or take pictures of damage for claims.

Others use third parties to produce mobile apps for both business-to-consumer and business-to-business markets. Unfortunately, all of them are at risk, reputationally or operationally, from mobile app disasters.

The motivation for insurers to leverage the power of mobile is clear. Capturing client interest, providing insurance quotes, conducting live calls with insurance call centers, handling premium payments, and helping make and track claims, these are all activities that can be speeded up and made more productive by using mobile apps. In addition, insurance companies have arrived somewhat late to the mobile party, and the pressure is on to build a presence inside prospects’ and clients’ smartphones, before each other and before potential external competitors like banks.

Functions in mobile computing devices, like cameras, microphones, and GPS, with today’s powerful processors, large main memories, and varied connectivity options, offer many possibilities to the creative programmer who understands how insurers do business. At the same time, they open more doors for bad actors, giving them excuses to ask for extensive and ultimately dangerous permissions as they trick consumers and business people into downloading and installing their fake insurance apps.

Even insurers big enough to build their own apps internally are in jeopardy. Software development kits for making mobile apps may contain dubious functions or links to risky sites, hidden in binary code that makes it impossible to detect such problems by simple visual inspection. As executives push programmers towards ever shorter app release cycles, it becomes increasingly difficult to apply conventional test and quality assurance methods to guarantee that each app version is safe for use in its target market.

A bad or infected insurance app could do huge damage to unsuspecting users, whether inside or outside an insurance company. Consider the following:

·       Customer payment and account details could be exfiltrated

·       Confidential information on assets and valuables could be stolen

·       Cameras could be activated remotely to spy on users and their environments

·       Microphones could be switched on to eavesdrop on conversations

·       Additional malware could be downloaded into mobile computing devices for further damage.

The last thing insurance companies need is damage to their own reputation or loss of their credibility. However, that is what a malicious or vulnerable app bearing their name could cause. And if an insurer was seen to be responsible for prejudice to its customers, instead of helping to protect them against it, the commercial consequences could be devastating.

With these pressures to produce and release quality apps quickly, insurers need a better solution for checking security in each development and test cycle. AppInterrogator lets them vastly improve their security posture compared to slow, labor-intensive, traditional methods, and the RECON platform helps analyze threats and uncover actionable risk conditions in record time. Everybody needs insurance, and that includes insurance companies themselves. For mobile app security, Mi3 Security is the best insurance policy available today.