Press Release Archive

Wandera Quarterly Mobile Data Report Reveals 17% Rise in Apps Leaking Credit Card Data on Enterprise Mobile Devices

San Francisco, CA – April 20, 2016 – Wandera, the leader in mobile data security and management, today announced the findings of its latest quarterly Mobile Data Report – an analysis of mobile security and data usage trends and traffic patterns across its global network of enterprise mobile devices.

App leaks continue

The report reveals a continued rise in apps and mobile websites leaking credit card data, with several new cases from prominent brands, including the Hong Kong metro system. Wandera has discovered a 17% increase (Q1 2016 vs Q4 2015) in apps and mobile websites leaking credit card data since announcing the discovery of the CardCrypt security flaw in December 2015. CardCrypt affected 16 global companies’ mobile websites and apps who were shown to be transmitting users’ credit card details, and in some cases passport information, unencrypted and ‘in the clear’.  

Wandera is in contact with the site and app owners of the latest cases in pinpointing root causes and supporting remediation.

Exposure to malicious domains

Among the key findings of the report is the unusual and accelerated growth in malicious domains visited by users in Q1 2016. A massive 200% increase per month through the quarter was attributed to a concerning rise in ad frameworks used within apps and websites that are directing users to domains with a history of malicious activity. The report revealed that while improved education seems to be helping users avoid visiting malicious websites through typical routes (phishing attacks or unwise browser use), users are nonetheless increasingly being exposed to malware through compromised adverts in the apps they are using.

Greater encryption of data

On a positive note, Wandera also discovered a noticeable trend towards greater browser and app encryption. The research identified that 70% of the data from apps is encrypted, an increase of 21% in the last 12 months. Encryption of data within browsers has not risen quite so starkly however – a less pronounced increase of 13%, and a total encryption level of only 52%.

“It is of course a positive that encryption in browsers and in apps is increasing – but there is still an awfully long way to go, especially within browsers,” commented Tuvey. “Developers and brands are clearly recognizing the importance of encryption, hence the gradual rise in security measures being put in place. But the rate of improvement must continue, and even accelerate in order to support enterprise security. In the meantime, the onus remains on the enterprise itself to enforce its own monitoring, rules and education to counter the risks.”

Data usage in the enterprise

Wandera identified the top 10 apps by data usage on enterprise devices over the last three months. Unsurprisingly, email and Safari represent the majority of data usage – 34%. But five of the remaining eight apps are all non-work-related: Facebook (10%), Instagram (3%), Twitter (2%), WhatsApp Messenger, Spotify Music and Snapchat (all 1%) – showing a clear non-work-related usage trend on enterprise devices.

Wandera’s research also found that employees are learning to reduce their data usage to conservative levels when roaming – video consumption drops from 14% of domestic data to 4% when roaming – indicating that employee education is working.

iPhones were also shown to be the biggest driver of increased data usage in the enterprise – compared with Samsung devices, whose users only consume 44% of the data used by the average iPhone user.