
PodChats for FutureCISO: Future-proofing mobile app security in 2025

by allantan
May 31, 2025

Mobile app use surged ahead in 2025 globally, with the average user spending nearly 5 hours daily. Mobile app security faces a complex and evolving landscape as regulators call for stringent compliance, improved malware detection, and controls against unauthorized app installations.

Security solutions now focus on real-time threat intelligence, app shielding, and dynamic policy enforcement to maintain trust and regulatory alignment.

Threat actors remain at the forefront, if not ahead, in the use of cutting-edge technologies to break defence mechanisms. Asia’s booming mobile market incentivizes investment in secure app development, privacy-first user experiences, and innovative security frameworks that can scale with the region’s dynamic digital ecosystem.

The accelerating threat landscape

Jan Sysmans, mobile app defence evangelist for Appdome, highlights that the mobile security landscape is facing "escalating challenges from AI-powered attacks like advanced malware and biometric bypasses, which are constantly evolving."

Traditional defences, he warns, are "proving insufficient against these dynamic threats." The proliferation of AI-driven attacks means that static, signature-based security models can no longer keep pace.

According to Appdome's "2025 Message to Mobile Businesses", attackers are innovating at an alarming rate, with AI being "used to enhance existing attacks and create new attacks faster than ever."

The report specifically notes that "in 2025, AI is being used to generate deepfakes to bypass Face ID and spread attack know-how to the masses. Next, AI Agents will be used for better social engineering, On-Device Fraud and ATOs [Account Takeovers]."

This creates a widening gap between threat evolution and defensive capabilities. While industry regulations and standards like OWASP move at a slow to medium pace, the hacker community, organised crime, and AI-powered threats are evolving at the fastest rate.

Sysmans explains, "A new paradigm is crucial: AI-native security platforms."

The mobile defence dilemma

Appdome's 2025 report starkly illustrates that "mobile defence is moving too slow." It points out that mobile businesses are "facing new risks but...are struggling to get the needed defences live." The report identifies several key barriers: "Lack of resources, implementation complexity, too many point products, technical overlaps, and poor user experiences have held back time to market for all defences."

This aligns with Sysmans' observation that organisations need to move beyond fragmented security approaches: "Organisations are increasingly consolidating security tools onto unified platforms, moving away from disparate point solutions."

"This trend is vital for better threat coverage, especially in regions like Asia where procurement often prioritizes lowest cost, potentially leading to complex implementations and a lack of futureproofing against evolving threats." Jan Sysmans

Performance, flexibility, and developer experience

A common concern with embedding security into apps is the potential impact on performance and user experience. Sysmans claims Appdome addresses this with a security framework that directly integrates protective measures into mobile applications during the build process. He also stresses that during the app building and signing phases, Appdome actively optimises the application.

"This process often leads to (but not always) a reduced overall package size for the secured app, enhancing performance and user experience," he beams.

AI-native security: the new imperative

Appdome's 2025 report makes a clear call to action: "Get Cyber to be A.I. Native [or else]." It emphasises the need to "Use AI to accelerate defence delivery, threat monitoring and response, and end user sup[port]." This aligns with Sysmans' assertion that "proactive AI is key to future security. Given the unknown potential of AI to create increasingly sophisticated attacks, leveraging AI-native platforms deeply integrated into the protection process is paramount for proactive threat identification and swift countermeasure deployment."

The report illustrates the current threat landscape with a comprehensive diagram showing the range of threats mobile businesses face, including fake location services, account takeovers, on-device fraud, bots and DDoS attacks, AI-deep fakes, and social engineering scams.

Sysmans warns, "AI is increasingly undermining biometric security, with real-world instances showing AI-driven attacks bypassing liveness checks. This demonstrates that even passwordless solutions relying on biometrics are not inherently secure, as compromising the biometric element can compromise the entire authentication flow."

Proactive defence against sophisticated threats

Sysmans is clear that future-proofing mobile app security requires more than just compliance or basic protections. He advocates for a layered, proactive approach: "Apps need dynamic certificate pinning and 'Threat Events' to customise responses beyond simple closure, as instability from aggressive security risks app store penalties."

He adds, "AI-driven solutions tailor threat responses and monitor devices for malware like banking Trojans, automatically restricting transactions. This ensures robust, intelligent in-app protections and leverages threat frameworks to disrupt social engineering attacks like voice phishing."

DevOps, automation, and unified security management

For development teams, Sysmans stresses the importance of seamless DevOps integration and automation: "Developers need platforms with seamless DevOps integration and strong automation. This enables quick security model adjustments, adapting to new threats without disrupting workflows."

He continues, "Comprehensive auditability is also vital for developer compliance and demonstrating security measures. Cybersecurity teams require automated platforms for efficient, collaborative management.

"These tools empower them to quickly identify, build, and deploy defences against evolving threats, while offering auditable artefacts to streamline releases and prove regulatory compliance."

This approach directly addresses the challenges identified in Appdome's 2025 report, which highlights implementation complexity and resource constraints as major barriers to effective mobile security.

Balancing security and user experience

A perennial challenge is balancing robust security with a seamless user experience. Sysmans believes platforms like Appdome are crucial: "Developers naturally prioritise creating engaging user experiences and features," he asserts.

"Platforms are crucial because they enable developers to maintain this focus while seamlessly integrating and rapidly updating robust security models, effectively balancing critical security needs with a smooth user experience." Jan Sysmans

He asserts, however, that "traditional SDK-based security products struggle against the escalating challenge of AI-driven mobile attacks. Therefore, it's vital for them to adopt comprehensive platforms that offer centralised security management and control, ensuring effective defence where conventional methods fall short."

Securing microservices and open-source components

With modern mobile apps increasingly built from a collection of microservices and open-source components, "development teams, even with top talent, face resource limitations and time constraints," says Sysmans.

"Recognising this, prioritising speed becomes a fundamental aspect of their development strategy, making solutions that streamline security integration critical," he continues.

Compliance and regulatory demands in Asia

Regulatory requirements in Asia are becoming more stringent, but Sysmans notes that compliance alone is not enough. Regulators are holding brands accountable for security outcomes, not just compliance.

"Singaporean regulators are actively holding brands accountable for app security, emphasising that mere compliance doesn't guarantee protection," reminds Sysmans. "Traditional SDK-based solutions, while useful for meeting basic requirements, often fall short against today's sophisticated and evolving cyber threats," he warns.

Proactive, AI-native security is not optional

Sysmans concludes with a call to action: "Effective AI-based security models depend heavily on the quality and volume of their training data. This underscores the vital role of platforms capable of analysing vast amounts of threat intelligence to ensure the efficacy of their defensive capabilities."

He believes that "proactive AI is key to future security. Given the unknown potential of AI to create increasingly sophisticated attacks, leveraging AI-native platforms deeply integrated into the protection process is paramount for proactive threat identification and swift countermeasure deployment."

Tags: app security, Appdome, mobile apps, OWASP
allantan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events.

Previous Roles: He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.
