91% of mobile apps expose personal information

“During our initial analysis of mobile applications we found that 91% of the top mobile apps unnecessarily expose a user’s personally identifiable information,” said Sam King, executive vice president of product strategy and corporate development at application security specialist Veracode, in a statement. “Despite this, most mobile users and businesses aren’t aware of the risk these apps pose to their organization.”

The pervasiveness of mobility within the workplace is indisputable. “Mobile computing raises new security concerns in an increasingly mobile world, where devices may be employee-owned, frequently changed, and used for both personal and business purposes,” according to Gartner Research. “With the growing penetration of mobile devices in the enterprise, security testing and protection of mobile application and data become mandatory precautions against attacks.“

However, security becomes an even worse issue within a bring-your-own device (BYOD) environment.

“The rise of BYOD friendly workplaces means employees are now downloading personal apps on devices that have access to corporate as well as private data,” said Neil DuPaul, SEO analyst and social media manager for Veracode, in a blog. “It is not uncommon for useful and seemingly harmless applications to be designed to perform tasks that are unrelated and unnecessary to the advertised function of the app.”

Looking to tackle the issue, Veracode has added mobile application intelligence to its security suite. The goal of the Mobile Application Reputation Service (MARS) is to help enterprises and federal agencies prevent inadvertent data leakage due to the use of risky mobile applications. It’s meant to be used in conjunction with mobile device management (MDM) or mobile application management (MAM) solutions, as part of an overall BYOD risk management policy. It evaluates mobile applications supplied by public app stores, commercial developers and enterprise developers.


What’s Hot on Infosecurity Magazine?