Australians’ belief that Apple iPhones are intrinsically secure is leading us to click on links to “risky” apps at a higher rate than any other country, according to a new analysis that found over 1 in 4 apps we encounter or install online is potentially problematic.

The Lookout analysis of 185 million devices – generated by an AI agent that scans over 100,000 apps per day – looked at 13 months’ worth of usage data and found that 26.9 per cent of apps that Australian users had installed, or that users had inadvertently tried to install by tapping on a malicious link, had been classified as ‘risky’.

Just 1.2 per cent of those app-based threats were observed on Android-based devices, while 30.1 per cent were observed on devices running Apple’s iOS mobile operating system – whose reputation for frequent updates and security patches may have led many iPhone users to “operate under the assumption that their devices are safe from attacks.”

Australians “have been using their phones to check in, order food, and more,” said Lookout APJ senior director Don Tan as the new figures were released.

Given this common usage of phones for everyday purposes, Tan continued, “Australians may have become complacent when it comes to downloading applications to their phones, at a time when risks are higher than ever.”

“But they need to become more vigilant than ever.”

The proportion of “risky” apps that Australians tried to install was much higher than that found in countries like China (10.1 per cent), Russia (5.5 per cent), Canada (4.3 per cent), the UK (2.8 per cent), Mexico (2.7 per cent), and the US (1.4 per cent).

Given that iPhones comprise nearly 56 per cent of Australian mobiles, the high engagement with risky apps translates into a significant national security exposure.

The vast majority of risky applications tapped by Australians needed to be sideloaded – installed using techniques that bypass built-in security protections – but ‘riskware’ was also common, comprising 5.11 per cent of apps installed in Australia.

Trojan apps were found on 0.09 per cent of devices – 90 mobile devices out of every 100,000 – with a similar percentage containing active security exploits, 0.07 per cent containing adware, and 0.04 per cent containing spyware.

New Zealand mobile users, by contrast, were found to have installed riskware on 82.14 per cent of devices, sideloaded apps on just 7.14 per cent, adware on 5.95 per cent, Trojans on 3.57 per cent, and spyware on 1.19 per cent of devices.

Tracking the mobile threat

With mobiles now serving as everything from financial instruments and identity devices to car keys and health trackers – one recent audit of mobile device content found that two out of three healthcare devices contained sensitive data – protecting the data on them has never been more important.

Yet after two years in which working-from-home employees came to rely on their devices implicitly, analyses regularly find that device insecurities may be threatening the data they contain and the company networks they connect to.

A recent analysis of managed mobile devices by Absolute Software found that the typical device connected to the company network from at least four different locations in March 2022 – an 18 per cent increase over January.

Fully 16 per cent of these devices were found to be storing data unencrypted and were, on average, 77 days late in applying the device makers’ most recent security patches.

This suboptimal security profile, which was again reinforced by the recent Lookout analysis, has strengthened the case for ‘zero trust’ security, in which mobile and other connected devices are continually checked to confirm they are operating within their permissions.

“The shift to remote and hybrid work has changed the nature of endpoint and network security indefinitely, and has brought Zero Trust heavily into focus,” said Absolute president and CEO Christy Wyatt, who warned that “there is not a one-size-fits-all approach.”

“Every organisation should be re-imagining their Zero Trust architectures to start with the endpoint, capable of extending from device firmware to the network edge – and with a clear focus on resilience.”