Account compromise is no longer a distant risk but a daily reality in today’s hyper-connected world. News reports are replete with cases of former partners hijacking social media accounts or strangers draining e-wallets of hard-earned funds.
Most existing mobile security tools fail to monitor app activity continuously, leaving gaps open to exploitation. As mobile applications become prime targets for malicious actors, the risk of account compromise is amplified for Filipinos, who spend nearly 9 hours online daily.
The methods of intrusion are evolving rapidly: device spoofing and deepfake-enabled social engineering are now part of the cybercriminal’s toolkit. What used to be isolated incidents, whether unauthorised access to social media accounts or fraudulent e-wallet transactions, are now systemic challenges that threaten trust in digital platforms.
For businesses and policymakers alike, the imperative is clear: protecting digital identities is about safeguarding economic growth and consumer confidence in an increasingly mobile-driven society.
What’s at stake
It is common for users to spread their time online across multiple mobile devices. With consumers switching between mobile devices, networks, and mobile apps, it gives fraudsters multiple access points.
Even with annual regulator-mandated vulnerability assessments and penetration testing, mobile services still remain exposed to phishing, spoofing, and unauthorised access. The impact on businesses and users can be catastrophic, whether it is financial loss, reputational damage, or both.
The Philippines continues to see growth in digital payments. In 2024, the Bangko Sentral ng Pilipinas reported in its 2024 Report on the Status of Digital Payments that the share of digital payments in total monthly retail transactions rose to 57.4% in terms of volume and 59% in terms of value. That same year, the Department of Information and Communications Technology’s Cybercrime Investigation and Coordinating Center logged over 10,000 scam-related reports, highlighting the growing risks as more Filipinos rely on digital payments.
Existing mobile security controls fail to deliver persistent, app-level visibility into device activity, leaving exploitable gaps. Most apps cannot detect in-session tampering, spoofed installs, or unauthorised use of trusted sessions, nor can they alert users when accounts are accessed from unrecognised devices. Most apps cannot detect in-session tampering, spoofed installs, or when trusted sessions are not by the real authorised users and then alert users when their accounts are accessed from unrecognised devices.
The growing prevalence of mobile app fraud in the Philippines underscores the urgent need for stronger, app-level device recognition capabilities. Persistent device identification allows apps to continuously verify trusted devices, reducing the risk of fraudulent logins and protecting user accounts.
Ultimately, fighting deepfake fraud hinges on real-time identification of unauthorised access across mobile applications. For example, solutions like Appdome’s IDAnchor address this gap by offering real-time identification of unauthorised access within all mobile applications, minimising risk, thwarting account takeovers, and enhancing trust between users and organisations.
Advancing practical solutions
Filipinos should not be the last to know when something goes wrong with their accounts.
Mobile developers, regulators, and government agencies can augment their efforts to ensure this is no longer the norm. Tamper-aware identities are key in this fight, and indeed, vital enablers of the National Cybersecurity Plan 2023–2028.
By ensuring digital identities on mobile devices can detect and respond to attempts at alteration, cloning, or manipulation, tamper-aware identities embody the plan’s call to enhance the resilience of essential systems, safeguard important assets, and strengthen national accountability in the digital sphere.
Mobile developers can leverage tamper-aware identities by implementing customer identity protection (CIP) solutions that anchor the mobile device to the user’s unique identity across app (re)installs, OS upgrades, and even factory resets.
In this context, Appdome’s IDAnchor CIP delivers on robust tamper-awareness by goes beyond traditional app alerts, providing Apple’s and Google’s “Is it you?” level of security to all mobile apps in the world. This translates national cybersecurity objectives into practical daily use, protecting citizens, reducing organisational risk, and defending against deepfake and spoofing attacks in real time.
Organisations having CIP solutions in their arsenal would also aid the Department of Information and Communications Technology’s (DICT) efforts to collaborate with telecom providers and regulators to fortify defenses. Likewise, the Cybercrime Investigation and Coordinating Center , which works alongside
DICT and digital payment platforms, would be more equipped to protect users if organisations had CIP solutions that prevent account takeovers and secure mobile applications at scale.
A shared responsibility
Cybercrime driven by deepfakes, spoofing, and device manipulation is actively reshaping how Filipinos engage with mobile services every day. With escalating risks to both consumers and businesses, the country faces a potential trust deficit in digital platforms if persistent device recognition does not become a critical first line of defence.
To counter these threats, mobile app developers must integrate robust identity protection technologies that can detect unauthorised access in real time, secure sensitive transactions, and reinforce user trust. These technical safeguards must work hand in hand with public sector initiatives and national policies to create a resilient digital ecosystem.
Ultimately, lasting security will only be achieved through collective responsibility involving regulators, industries, and consumers working in unison to stay ahead of rapidly evolving cyber threats.
The author is the mobile app security evangelist at Appdome
