{"id":77838,"date":"2015-08-13T22:04:16","date_gmt":"2015-08-14T02:04:16","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2021-12-29T17:57:43","modified_gmt":"2021-12-29T22:57:43","slug":"mobile-apps-leaking-your-info","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/mobile-apps-leaking-your-info\/","title":{"rendered":"Mobile Apps Leaking Your Info"},"content":{"rendered":"

\"Mobile<\/a>Just in time for Blackhat<\/a>, San Francisco-<\/a>based Appthority<\/a><\/strong>\u00a0released its Q2 2015 Enterprise Mobile Threat Report<\/a>. The big headline from the Appthority report is that enterprise mobile apps<\/a> are leaking your info. They are sending personally identifiable information (PII) and other sensitive information all over the world<\/strong> often without the enterprise’s knowledge. Your phone is leaking your info all over the web.<\/p>\n

\"Appthority<\/a>FierceMobileIT<\/a><\/em> says<\/a> that the Appthority Enterprise Mobile Threat Team<\/a> (EMTT) collected and analyzed security and risky behaviors in three million apps.<\/strong> They found that the top iOS apps sent data to 92 different countries<\/strong>, while the top Android apps are leaking your info to 63 different countries<\/strong>.<\/p>\n

Zombie apps are leaking your info<\/h3>\n

The report found another threat to all data. Appthority’s all-in-one App Risk Management service shows that 100% of enterprises surveyed have zombie apps<\/strong> in their environments. Zombie apps are apps that have been revoked by the app stores<\/strong> and are no longer getting security updates. Zombie apps can give attackers a conduit into the enterprise.<\/p>\n

\"zombie<\/a>The report estimates that 5.2% of the\u00a0Apple<\/a> (AAPL<\/a>) iOS apps on employee devices in an enterprise are dead apps, and 37.3% are s<\/span>tale Apps. On\u00a0Google<\/a> (GOOG<\/a>) Android devices,\u00a0<\/span>3.9% are dead apps and 31.8% are stale apps.<\/span><\/p>\n

Zombie apps can leak your info. Appthority explains that malicious third parties could use a man-in-the-middle attack to hijack the update mechanism for these apps to install new malware on user devices.<\/p>\n

Threat to the enterprise<\/h3>\n

Despite the threats, app stores run by\u00a0Apple,\u00a0Google, and\u00a0Microsoft<\/a> (MSFT<\/a>) are under no regulatory obligation to tell users of revoked apps anything after release. Including copyright\u00a0<\/span>infringements or serious security\/privacy concerns. <\/span>\u00a0T<\/span>he report points out.\u00a0Domingo Guerra<\/a>, president, and co-founder of Appthority classified this as a stealthy risk; \u201cThe ongoing threat of zombie apps and stale apps continues to be an ‘under the radar’ threat to the enterprise.<\/em>”<\/p>\n

\"programmers\"<\/a>A third risk to the firm\u2019s data comes from their own programmers <\/strong>according to the venture capital-backed Appthority. The firm says over-taxed enterprise app development teams are increasingly relying on third-party libraries and software development kits. Vulnerabilities in the third-party packages<\/strong> can put enterprise data\u00a0at risk when they get baked into a corporate app.<\/p>\n

The company told CSO<\/a><\/em> that few mobile devices have security applications installed. In particular, only 4 percent of Android devices in use within enterprises had on-device scanning solutions.<\/p>\n

Rb-<\/em><\/strong>
\n Firms that depend on mobile solutions as part of a Bring Your Own Device (BYOD<\/a>) effort need to look after their apps as well as connectivity and hardware and data and governance and reimbursements. Bring your own device hardly seems like a cost saver to me.<\/em><\/p>\n

I have said this repeatedly, it seems like costs are just being moved around. From spending on a PC in the office that is very less likely to be lost and that can be controlled to a bunch of new enterprise applications<\/a> like EMM<\/a>, mobile anti-malware to app monitoring.<\/em><\/p>\n

<\/h6>\n
Related articles<\/h6>\n