App Threat Reports

Quarterly analyses of different topics in mobile application security produced by Promon’s Research team

The State of iOS App Security

Q1, 2024

In this report, our team examines iOS app security, specifically whether iOS apps can defend against repackaging. In a repackaging attack, an attacker obtains a copy of an app, modifies it, and repackages it into a new version with modified behavior that will successfully run on a device.

Download the report to learn about:

  • Why iOS apps are perceived as more secure, and what the reality is
  • Bypassing iOS app encryption
  • Risks posed by app repackaging
  • Repackaging prevention and OWASP MASVS compliance
  • The results from our real-world testing of how 100 of the world’s most downloaded iOS apps performed against a standard repackaging attack

FjordPhantom Malware Defense in Banking Apps

Q4, 2023

In late November, Promon uncovered a new malware targeting banks in Southeast Asia, dubbed FjordPhantom. FjordPhantom was particularly insidious, combining social engineering with advanced malware to commit fraud.

To explore the malware defense posture of banking apps, we looked at how over 100 of the world’s most-used banking apps performed against FjordPhantom. Download the app threat report to discover the results and their implications.

The State of Payment Apps’ Malware Defense

Q3, 2023

In our Q3 report, our team used the screen reader previously used against the world’s most-used financial services apps. This screen reader exfiltrates data like real-world malware. We used this tool to see if we could extract sensitive information from 73 of the world’s most-used payment apps to assess their security level and understand how they tackle a common malware-style exfiltration attack.

Download the report to learn about:

  • Android Accessibility services and how malicious actors exploit them to spread malware
  • The results from our real-world testing of how 100 of the leading Android payment apps fare against screen reader attacks
  • Don’t miss our Security team’s recommendations to stay one step ahead of cyber threats

The State of Financial Services’ Malware Defense

Q2, 2023

Malware continues to target financial services apps. According to SecureList, more than 57,000 banking trojans were observed in Q1 2023, up 19% over Q4 2022. These trojans can steal customer credentials, observe and record personal data, and sometimes conduct transactions.

Download the report to learn about:

  • Android Accessibility services and how malicious actors exploit them to spread malware
  • The results from our real-world testing of how 100 of the leading Android banking and financial apps fare against screen reader attacks
  • Don’t miss our Security team’s recommendations to stay one step ahead of cyber threats

The State of Game Security

Q1, 2023

This report reviews mobile gaming security, exploring how the top games by revenue protect themselves against hooking frameworks, repackaging, and rooted devices.

Our Q1 report explores the overall security level for mobile games. To assess that level, we checked more than 350 Android games to see how they fared against our repackaging attacks and deployment of hooking frameworks, and how they handled the detection of a rooted device. Initial results showed that most apps were vulnerable to our attacks.

The State of Repackaging

Q4, 2022


Securing today’s mobile applications requires protecting not only the app code at rest, but also the entire app process at runtime. As attacks have grown more sophisticated, so too have the tools and techniques to mitigate and protect against these attacks.

Our Q4 report specifically explores repackaging, a code alteration or injection attack primarily directed at Android apps, in particular banking and finance apps. In the report, you will find a short primer on repackaging, followed by a review of hundreds of financial services apps across various sectors, install bases and regions to assess the overall level of security against this common attack.