Warning: UAE Cybersecurity Council warns against unverified mobile apps amid rising cyber threats

TL;DR:

• The UAE Cybersecurity Council has issued a nation-wide warning urging residents to avoid downloading unverified mobile applications, emphasizing risks such as malware, financial theft, and data breaches.
  
  
• Citizens are advised to only install apps from official platforms (Apple App Store, Google Play Store), carefully check app permissions, and maintain up-to-date device security.
  
  
• The surge in cyber attacks, with up to 200,000 incidents daily has prompted the Council to reinforce awareness through public outreach and policy measures, as part of the broader UAE National Cybersecurity Strategy.
  

With the UAE’s rapid digital transformation fueling record smartphone and app usage, the nation’s top cybersecurity body has sounded the alarm on the dangers of unverified applications. In a warning underscored by recent spikes in cyber attacks, the UAE Cybersecurity Council called on the public to adopt strict mobile safety habits, as part of an all-out effort to bolster cyber protection across the Emirates .

Reason behind the warning
The warning arrives at a critical juncture. In 2025, daily cyber attacks in the UAE have approached 200,000, according to government estimates, impacting public and private sectors as well as individual users . Cyber criminals have increasingly leveraged malicious apps to distribute malware, steal financial data, commit identity theft, and access sensitive personal information, a risk heightened during national events, holidays, and times of increased online activity.

Key Elements of the Council’s Guidance:

• Download Only from Trusted Platforms:
  The Council stresses the necessity of using the official Apple App Store, Google Play, or equivalent trusted sources. Third-party or unofficial app stores common sources of malware and should be avoided completely.
  
• Review App Permissions Before Installation:
  Users are urged to carefully review what permissions an app requests during installation. Excessive access to contacts, messages, camera, or location, beyond what is required for the app’s function can be a red flag for spyware or fraud.
  
• Keep Devices and Apps Updated:
  The Council highlights that keeping your operating system and apps updated with the latest security patches is essential, as vulnerabilities are regularly exploited by cyber criminals.
  
• Exercise Caution with Links:
  Phishing remains a popular attack vector; users are told to avoid tapping on links or downloading files sent from unknown or suspicious sources, whether via text, emails, or messaging apps.
  
• Awareness Campaigns:
  These warnings are being reinforced through ongoing public campaigns, including the "Cyber Pulse" initiative, aimed at increasing awareness and teaching practical steps for online self-defence.
  

App security context in the UAE

• Surge in Mobile Threats:
  Reports show a 63% year-over-year rise in detected mobile app vulnerabilities in the Emirates, with finance, healthcare, and logistics sectors most at risk.
  
• Legal and Regulatory Coverage:
  Federal laws such as the UAE Personal Data Protection Law (PDPL) and the National Electronic Security Authority (NESA) regulations require businesses to ensure digital safety, perform regular audits, and report breaches. Non-compliance can result in steep penalties.
  
• Phasing Out Insecure Methods:
  The Central Bank of the UAE has mandated a transition from less secure authentication (e.g., SMS/email OTPs), pushing for more secure, app-based verification to further reduce common fraud risks.
  

Broader national strategy

As part of its Vision 2030 and National Cybersecurity Strategy, the UAE government is investing in:

• National and Emirate-Level Cyber Initiatives:
  Multi-tiered strategies including public education, regulatory updates, and enhanced sector-specific protections.
  
• 24/7 Threat Monitoring:
  Establishing Security Operations Centres (SOCs) across government and critical infrastructure to detect and neutralize cyber threats in real-time.
  
• Fostering Cybersecurity Culture:
  Ongoing training, audits, and collaborative drills are now routine for government employees, businesses, and the public, aiming to make robust cybersecurity second nature.
  

How to stay safe: Official recommendations

• Download apps only from the Apple App Store, Google Play Store, or official provider sites.
  
• Check developer credentials and user reviews before installing any app.
  
• Review and restrict app permissions to the minimum needed; remove any app requesting excessive access.
  
• Regularly update your device’s operating system and installed apps.
  
• Use strong, unique passwords and enable multi-factor authentication where possible.
  
• Report suspicious apps or cyber incidents directly through the Telecom Regulatory Authority , Cybersecurity Council, or your local police cybercrime unit.
  

The UAE’s warning about unverified apps isn’t a mere caution, it’s a direct response to the evolving sophistication of cyberthreats targeting a digitally connected population. By following the cybersecurity best practices outlined above and relying solely on verified sources, citizens and businesses can significantly reduce their vulnerability. The Council’s latest alert, grounded in real-time threat data and enforced through ongoing public education, marks another step in the country’s determined campaign to make the UAE a global model for safe, resilient, and trusted digital living.