MetaIntell, a vendor that specializes in cloud-based mobile risk management (MRM), set about testing the top apps in a range of stores, including Amazon, CNET, GETJAR and the official Google Play store. It found that more than 92% of the applications it tested used non-secure communication protocols, while 60% communicated with domains that are blacklisted by a reputation service.
Additional risks included developer reputation and content vulnerabilities, and 20% of the apps tested had the ability to load external applications either locally or remotely – all without the express consent or knowledge of the user.
Digging deeper into the data, MetaIntell rated the risks on many applications so high that 42% of them should not be allowed onto any consumer- or enterprise-owned device.
These results are from an analysis of the apps that people download the most – suggesting that much more user education is necessary when it comes to mobile use.
“What most people do not fully appreciate are the risks associated with downloading apps from the million-plus Android applications available in app stores,” the company explained in the research. “Most users assume that applications are trusted if they are offered in an official app market. App stores typically make no guarantee about the trustworthiness of the products they offer. Most often, applications are developed and hosted in the apps markets with no risk assessment.”
The reality is, almost any application can become the source of serious threats that can affect both the device and the intranets to which that device connects, which can have serious ramifications in an enterprise setting. Users should approach app downloads with this in mind – especially corporate users.
“Access to personal data is what makes mobile applications uniquely useful and relevant to users,” said Chris Hazelton, research director for mobile and wireless at industry analysts 451 Research, in a statement. “In exchange for free apps, consumers are willing to share personal data with third party developers. Companies cannot afford to do this, and must control access to data on mobile devices – creating a real need for greater transparency and control of the apps that are available to employees from public app stores.”
So how can mobile device users and enterprises protect themselves from risky mobile applications? By not downloading applications that carry risk, of course – and that means being vigilant about reading the terms and conditions of apps and understanding what one is agreeing to when downloading. “Threats occur where risk conditions exist. Eliminate the risk and avoid the threat,” said Kevin Mullenex, CEO of MetaIntell.
Unfortunately, that will be easier said than done.