The mobile app risk

The mobile application landscape is exploding. Currently, the average smartphone user has 22 apps installed, and by 2012 some estimate that 50 billion apps will be downloaded each year, according to mobile security company Lookout, citing statistics from Nielsen and Chetan Sharma Consulting. This growing landscape has many questioning the privacy and security risks of mobile apps.

“We are starting to see greater interest from malicious parties in the mobile platform and one of the biggest [threat] vectors is mobile apps,” said John Hering, CEO of Lookout.

A number of apps have been discovered to either purposely or accidentally harvest user data. Most recently, Citigroup discovered its iPhone mobile banking application, unbeknownst to users, saved confidential account information in a hidden file on their devices.

“In a world where mobile app development is exploding so quickly, even apps you think you can trust may be leaking sensitive information,” Hering said.

According to Lookout data, 14 percent of free apps for Apple's iPhone have the ability to access a user's contact data, as can eight percent of free apps for Google's Android. Additionally, 33 percent of free iPhone apps can access a user's location, while 29 percent on Android can.

While not all apps that access contact data or location are necessarily malicious, some enterprises might not want this information broadcast, Hering said.

For enterprises and developers, awareness of the problem is important, says Hering. Developers have a responsibility to ensure their app is providing the appropriate level of privacy and security. Enterprises need to educate end-users to pay attention to app ratings and what apps have access to. A simple game probably does not need to access a user's phone book, for example.

Meanwhile, not everyone believes mobile apps pose a significant threat right now.

“The jury is out in terms of how bad this could be for enterprises,” said Andrew Jaquith, Forrester senior analyst. “At the moment, I don't perceive a lot of risk. The kinds of things [rogue apps] can do include rooting through your address book and looking through your music collection. This is, frankly, not that big of a deal. We are going to have to see some demonstration of real harm before enterprises will really have to get worked up about this.”

According to Jaquith, any organization supporting the iPhone should follow a few best practices, such as requiring email session encryption, wiping devices if they are lost or stolen, protecting devices with a passcode lock, and auto-locking devices after periods of inactivity.