Arxan has released a report: The State of Application Security/The State of Piracy
Arxan provides application protection for companies deploying high-value applications with sensitive information, digital assets or IP on mobile, desktop, and embedded server platforms — including those connected as part of the Internet of Things (IoT). Arxan is currently protecting applications running on more than 300 million devices across a range of industries, including: financial services, high tech/independent software vendors (ISVs), manufacturing, healthcare, digital media, gaming, and others.

Adotas talks with Arxan Chief Marketing Officer, Patrick Kehoe, about what piracy means to brands and how to protect your marketing efforts from becoming a victim.
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Q: Why did you decide to publish a report on piracy and what are piracy’s implications for advertising?
A: As a part of our R&D, we keep a close eye on the vulnerabilities and the rapidly evolving threat landscape. Our prior piracy research had focused on hacked apps accessible through public sites. However, this year we analyzed the Dark Web and the distribution of pirated releases on both the Dark Web and the public Web. Arxan partnered with iThreat Cyber Group to analyze pirated software and releases over the past 3.5 years.
Piracy’s implications on advertising are significant. In the piracy world, ads can be untrustworthy. Because of the vulnerable nature of many apps, ads can be removed from the apps and inserted with a different ad – so the advertiser’s ad might not be shown. Also, someone else’s ads could be linked into the application – so you could be paying for someone else’s ad spots. It is also common to see pirated ads with malware which, when served up, seemingly represent an otherwise reputable brand, but the ad could be hijacked, infected with malware, and could steer those clicking on the ad to malicious sites. Ultimately this could result in brand degradation.
Q: What are the costs of piracy to the economy?
A: The cost or un-monetized value of pirated materials in 2014 is estimated to be more than $800 billion.
• Enterprises would spend $491 billion, in 2014, because of malware associated with pirated software, which breaks out to $127 billion in dealing with security issues and $364 billion dealing with data breaches on PCs and laptops. Almost two-thirds of these enterprise losses will be the result of the activity of criminal organizations (IDC study).
• Consumers would spend nearly $25 billion and waste 1.2 billion hours, in 2014, dealing with security issues created by malware on pirated software (IDC study).
Q: How does this affect advertisers’ brands?
A: The impact on advertisers’ brands depends on the type of advertiser. There are two classifications of advertisers in the piracy world – those who knowingly are advertising, and those who don’t. Because of the high-risk environment (as mentioned above), the impact to the advertiser’s brand could be significant. Digital Citizens noted some troubling trends:
• Malware and Unwanted Downloads: One-third of the sites included links with the potential to infect users’ computers with viruses and other malware. In most cases the links are hidden behind Download or Play buttons, but in many cases, it is not even necessary to click on a link to spawn the unwanted download. These downloads earn site owners millions in annual revenue.
• More Premium Brand Ads Found: Despite industry and public efforts to crack down on content theft, researchers found more premium brand ads on content theft sites in 2014 than in 2013. This is a danger for the reputation and value of legitimate brands, and should spur even more action to throttle advertising to these sites.
• Rampant Fraud: Ads can mislead, misrepresent and misdirect: MediaLink and ad effectiveness firm DoubleVerify found that 60% of the ad impressions served by sites with available data were “laundered” – served through phony “front” sites to obscure the ads’ ultimate destination. For 15% of the sites, all of the ad impressions were fraudulent in this regard.
Q: What should advertisers be aware of in deciding with whom to partner?
A: Advertisers should seek assurance that their ad network is not linked to torrent sites and others that distribute pirated assets. If ads are being distributed within mobile apps, advertisers should understand what security measures have been baked into the mobile app, asking questions such as “Has the app been hardened?” “Are the crypto keys protected?” If not – or if inadequate — they ought to reconsider.
Best practices to seek from partners include:
• Hardening applications so they are not susceptible to reverse engineering
• Building run-time protections into applications (particularly mobile apps) to thwart tampering / malware attacks
• Protecting cryptographic keys so they are not visible statically (i.e., while residing on a device) or at run-time in memory. White box cryptography solutions provide this type of protection
About Patrick Kehoe
Patrick Kehoe joined Arxan in January 2014 as Chief Marketing Officer. Mr. Kehoe has more than 20 years of experience building and managing sales and marketing capabilities for software, hardware, and service providers in the high tech industry. Over the past three years, he held leadership positions at Siemens Enterprise Communications (SEN) – a global provider of communications software and services. Most recently he was responsible for North American marketing and partner business, where he oversaw the development of the strategic plan and drove Market Awareness, Pipeline Generation, and Sales results. Previously, he managed SEN’s Global Marketing Strategy, Intelligence, and Operations. Prior to SEN, Mr. Kehoe held positions at Booz Allen Hamilton and MarketBridge, a Sales and Marketing Professional Services Firm, where his clients included: IBM, SAP, Symantec, and VeriSign. Among other areas of focus, he was responsible for market expansion, new product marketing, digital marketing, and social media. Mr. Kehoe has a track record of success in North America, Europe, South America, and Asia, and has spoken at conferences and corporate events on a variety of sales and marketing topics. He holds a degree in Computer Science from Vanderbilt University and an MBA from the Darden Graduate School of Business, University of Virginia.