San Francisco-based mobile app security provider Appthority has released its App Reputation Report that unveils the hidden security risks for top mobile apps. The report discloses security issues raised by the BYOD movement, along with the top targeted app categories on the Android and iOS platform and the sensitive data that the apps can access.
The Appthority Platform analyzed the top 50 free apps from Google Play and Apple’s App Store to find the risks involved in having BYOD mobile devices. The cloud-based Appthority platform is capable of identifying and grading risky activities in mobile apps including malware detection, corporate data exfiltration, and intellectual property exposure.
According to the report, as more companies move to a BYOD policy, mobile apps are becoming a major threat for these companies when it comes to network and data security.
Both iOS and Android app markets are extremely fragmented when it comes to app developers. Among the top 50 apps, 20 percent of top 50 apps are made by Google while Apple has only two percent of top 50 apps. More than 66 percent of Android and 92 percent of iOS apps are created by unique developers.
The report segregated the known behaviors of risky apps into four categories – user contact, location, calendar and ad network.
A whopping 96 percent of iOS apps and 84 percent of Android apps have the ability to access user’s personal and sensitive information such as ad networks and/or analytics, contact information, calendar details, or location from the device.
Gaming apps top the list of overall popular app category, making up 20 percent of top Android app and more than 50 percent of the top iOS apps. This category also represents the most vulnerable for leaking user data, as they have most access to user information. In addition to games, a large percentage of business applications, programs related to health, medicine and finance can represent new types of risk for companies and businesses.
“As employees bring their own smartphones, tablets and other mobile devices into the workplace, they’re introducing new security risks to the enterprise,” said Domingo Guerra, president and co-founder of Appthority. “IT departments used to control technologies used at work. But now, employees are bringing apps from various developers with access to all kinds of data on mobile devices, including business and personal information. With our App Reputation Report, we’re showing the potential vulnerabilities behind the most popular apps. We want to help put IT back in control of securing company data.”
A recent report from Juniper Networks Mobile Threat Center has identified 8,608 new mobile malware samples in the first three months of 2012. Another report also notes that BYOD users can’t be trusted. It’s up to the company to proactively protect their network and data, as well as the devices their employees use on their network.
Juniper network’s first-annual Trusted Mobility Index report on mobile technology adoption revealed that BYOD users’ level of trust in dealing with mobile usage is uncertain, with just 15 percent of respondents expressed confidence in dealing with security issues in their mobile devices and services.
Mobile App Risk Management Solutions
Appthority will gain knowledge in developing and implementing solutions for integral security concerning customer organizations, information and systems by partnering with DreamLab technologies.
“Integral security stands for security as an overall package,” explained DreamLab Technologies’ founder and CEO Nicolas Mayencourt. “It also involves processes, ways of communication and structural measures, in addition to IT. Integral information security is an important prerequisite to responsibly leading an organization.”
The cooperation with Fixmo Sentinel and Fixmo SafeZone will help IT organizations to secure and protect their corporate data, manage their mobile devices, monitor system integrity and maintain regulatory compliance. The combined solution will enable IT organizations to assess the threats and security vulnerabilities associated with third party mobile apps.
IronKey’s data security and secure Web browsing products provide cloud-based security management platform to mobile devices.
“Partnering with Appthority was a great decision when IronKey decided to bring our secure browsing and mobile device security technology to Android. This allows IronKey customers to have a single cloud-based security management platform for Android, iPhone, iPad, Windows PC and Mac computers. This is crucial when rolling out Bring Your Own Device (BYOD) programs. It’s also very important for consumers, who can now use IronKey security on any device,” said David Jevans, founder and chairman of IronKey.
The PrivacyChoice MobileScan tools and Appthority’s existing mobile solutions will allow developers to quickly deliver privacy enhancements for their users.
Lastly, Appthority’s partnership with Quixey will take safety of every app downloaded onto a mobile device to the next level. Quixey’s search engine apps will be used to identify malware before they reach a user’s mobile device, protecting users before they download malicious apps.