Latin America. According to Business of Apps, 54% of the population in Latin America uses more apps than before the COVID-19 pandemic and users are spending 18 times more time on apps than on websites.
The study indicates that LATAM's growth rate was 27.9, only two points below the global average of 29.9. That's why in recent years, attacks on applications and APIs have become more targeted and automated.
In its recent study, Digital Fortresses Under Siege: Threats to Modern Application Architectures, Akamai warns about legal user agreements for mobile applications that include Terms and Conditions whose information could be used by cybercriminals to breach users' devices. The terms and conditions set out how a product, service or content can be used, in a legally binding manner.
Undoubtedly, accepting a Legal Agreement without reading the fine print can result in a serious security problem if we consider that Latin America has one of the fastest growing application markets worldwide, with a young population that prefers mobile phones and a huge presence of smartphones in all social segments. By 2025, GSMA estimates that there will be 487 million unique mobile subscribers and 812 million SIM connections in Latin America. And he anticipates that by that date smartphones will account for 83% of total connections.
Jairo Parra, cybersecurity expert for Akamai Latin America, explained that some legal agreements for applications include the recognition that users accept that their device can be part of a mobile proxy network, in exchange for the services provided by the application. Mobile proxies are IP addresses assigned to mobile devices and are often used to access specific smartphone or tablet services or applications. Cybercriminals can use them, for example, to spread additional malicious payloads, intercept passwords via SMS, or even compromise app sessions such as WhatsApp.
Some applications have also turned mobile devices into proxy network nodes automatically, without users noticing. This can happen either because app developers include it as part of the app's original functionality or because of a threat actor that maliciously installs malware. In the event of a malicious conversion, threat actors can proceed to steal bandwidth and sensitive user information.
On the other hand, Jairo Parra reported that there are also data mining companies that are motivating game developers 
with attractive incentives to include their mobile software development kit (SDK) in their gaming applications. An SDK is a collection of tools that help developers create and update mobile apps. This offers the user a premium or ad-free experience in exchange for listing their device in a proxy network when the app is running. After the user agrees to allow their device to be part of the web data collection, the computer can still be active as a proxy even if the SDK is running in the background of the app.
According to the Akamai expert, many security teams are finding it increasingly difficult to successfully protect modern applications and APIs, which are riddled with thousands of known vulnerabilities, and attackers are discovering new weaknesses that can be exploited every day. Cybercriminals are currently designing sophisticated campaigns that combine botnets, distributed denial-of-service (DDoS) attacks, and attacks on vulnerabilities in web, mobile, and API applications, among other threats.
According to Akamai's aforementioned study, attacks against applications and APIs increased by 49% between the first quarter of 2023 and the same period in 2024. The exponential growth in demand for applications and APIs has transformed them into lucrative targets for threat actors looking to exploit security gaps to gain unauthorized access to the target's valuable data. Akamai recorded more than 26 billion attacks on applications and APIs in June 2024.
Finally, Jairo Parra stressed that applications and APIs are increasingly important for business success, therefore, before accepting any application, users are advised to stop and read the fine print of legal agreements to understand the risks associated with the use of applications. Similarly, check the ratings and reviews section for any mention of unexpected network behavior or proxy usage.
