A 30-70% drop in traffic. That’s, according to one CEO, the impact the pandemic had on in-person visits to local branches. A staple in the telecommunication industry (other than sponsoring sports teams – Go Chelsey!) is that you can find a retail outlet on every 3rd street, even in the smallest towns. So how did telecommunication companies address this drop in branch traffic? They have aggressively expanded the use cases in their telco mobile app.
Telco Mobile App is the New Branch Office
I did a quick analysis of several telco mobile apps in the public app stores. By and large they all offer the following 15 capabilities.
- Check data usage
- Pay your bill
- Enroll in auto pay
- Upgrade your phone
- Upgrade/change your plan
- Buy new services
- Enable roaming
- Purchase new phones, devices and accessories
- Switch service between carriers
- Manage your account
- Set up and activate new service
- Add people to your account
- Chat with support
- Earn rewards
- Use rewards
Looking at this list, I realize there is little reason why anybody would need to visit their local branch office. The question is, is the mobile app as protected as the local branch office?
Securing the Telco Mobile App
There are two types of activities mobile consumers make in a telco mobile app. The first type is informational and mostly deals with account information and personally identifiable information (PII). The other type is transactional and in additional to being informational also deals with payment (bank account, credit card) information.
Both informational as well as transactional data is valuable to hackers and fraudsters and should be secured in the same way the valuable assets are under lock and key in the local branch office. Let’s look at the above mentioned 15 capabilities, what type of activity they are and understand the different risks and threats involved.
| Feature | Type of Activity | Risk/Threat |
|---|---|---|
| Check data usage | Informational | Stealing data, changing data |
| Pay your bill | Transactional | Intercepting transaction, stealing payment information |
| Enroll in auto pay | Transactional | Intercepting transaction, stealing payment information |
| Upgrade your phone | Transactional | Intercepting transaction, stealing payment information |
| Upgrade/change your plan | Transactional | Intercepting transaction, stealing payment information |
| Buy new services | Transactional | Fraud, unauthorized use, intercepting transactions, stealing payment information |
| Enable Roaming | Transactional | Fraud, unauthorized use, intercepting transactions, stealing payment information |
| Purchase new phones, devices and accessories | Transactional | Fraud, unauthorized use, intercepting transactions, stealing payment information |
| Switch service between carriers | Transactional | Fraud, unauthorized use, intercepting transactions, stealing payment information |
| Manage your account | Informational | Stealing data, changing data |
| Set up and activate new service | Transactional | Fraud, unauthorized use, intercepting transactions, stealing payment information |
| Add people to your account | Transactional | Fraud, unauthorized use, intercepting transactions, stealing payment information |
| Chat with support | Informational | Fraud, unauthorized use |
| Earn rewards | Informational | Stealing data, changing data |
| Use rewards | Transactional | Fraud, unauthorized use |
Use Appdome to Secure Your Telco Mobile App
Appdome is a no-code mobile app security and fraud prevention platform. Developers and security professionals can secure any Android or iOS app on Appdome in minutes, without having to do any work. All they need is the app binary (ipa for iOS apps and aab or apk for Android apps) as well as the signing credentials used when the app was compiled. All the above mentioned risks and threats can be mitigated using a combination of the following mobile app security and fraud prevention services.
Mobile App Security
The Appdome Mobile App Security Suite will protect any telco mobile app with the following:
- ONEShield™ – Appdome’s RASP solution that adds anti-debugging, anti-tampering and anti-reversing to the app.
- TOTALCode™ Obfuscation – fully obfuscates both binary as well as non-native coding elements in the telco mobile app.
- TOTALData™ Encryption – uses AES-256 to encrypt all data stored in the application sandbox as well as in other areas of the code such as strings, resources and preferences.
- Jailbreak and Root Prevention – prevents the secured telco mobile app from running on devices with a compromised operating system.
- Secure Communications – adds Man-in-the-Middle prevention to the app, enforces SSL/TLS encryption of the communication between the app and back-end server, add secure certificate pinning to the connection and enable bot defense.
- Mobile Privacy – prevents copy paste of app data outside of the app, prevents the screen capture and screen sharing of the app.
Mobile Fraud Prevention
In addition to the above mobile app security features, telco’s can also protect their mobile apps with the following fraud prevention
- Mobile Fraud Prevention – prevent your telco mobile app from becoming the source of identity fraud, Account Take Overs (ATOs) and credential theft. Block Screen Overlay attacks, malicious programs that sit on top of your mobile application screen and trick users into interacting with malicious apps or content instead of your app.
- Mobile Malware Prevention – detects and blocks Ransomware, hacking frameworks like Frida, malware bridges like Magisk, as well as advanced malware methods used against iOS and Android apps at runtime like accessibility service abuse, code injection, function and method hooking, script injection, memory editing and more.
- Mobile Piracy Prevention – preempt and prevent mobile apps from being copied and trojanized.
See How Easy It Is to Protect Your Telco Mobile App on Appdome
If you want to see how easy it is to secure an app on Appdome and how Appdome protects that app against threats, watch this short video
Get started with Appdome today. Create your free account now.
