The mobile app risk


The mobile application landscape is exploding. Currently, the average smartphone user has 22 apps installed, and by 2012 some estimate that 50 billion apps will be downloaded each year, according to mobile security company Lookout, citing statistics from Nielsen and Chetan Sharma Consulting. This growing landscape has many questioning the privacy and security risks of mobile apps.

“We are starting to see greater interest from malicious parties in the mobile platform and one of the biggest [threat] vectors is mobile apps,” said John Hering, CEO of Lookout.

A number of apps have been discovered to either purposely or accidentally harvest user data. Most recently, Citigroup discovered its iPhone mobile banking application, unbeknownst to users, saved confidential account information in a hidden file on their devices.

“In a world where mobile app development is exploding so quickly, even apps you think you can trust may be leaking sensitive information,” Hering said.

According to Lookout data, 14 percent of free apps for Apple's iPhone have the ability to access a user's contact data, as can eight percent of free apps for Google's Android. Additionally, 33 percent of free iPhone apps can access a user's location, while 29 percent on Android can.

While apps that access contact data or location are not necessarily malicious, some enterprises might not want this information broadcast, Hering said.

For enterprises and developers, awareness of the problem is important, says Hering. Developers have a responsibility to ensure their app is providing the appropriate level of privacy and security. Enterprises need to educate end-users to pay attention to app ratings and what apps have access to. A simple game probably does not need to access a user's phone book, for example.

Meanwhile, not everyone believes mobile apps pose a significant threat right now.

“The jury is out in terms of how bad this could be for enterprises,” said Andrew Jaquith, Forrester senior analyst. “At the moment, I don't perceive a lot of risk. The kinds of things [rogue apps] can do include rooting through your address book and looking through your music collection. This is, frankly, not that big of a deal. We are going to have to see some demonstration of real harm before enterprises will really have to get worked up about this.”

According to Jaquith, any organization supporting the iPhone should follow a few best practices, such as requiring email session encryption, wiping devices if they are lost or stolen, protecting devices with a passcode lock, and auto-locking devices after periods of inactivity.