In this month’s cloud security report, we dive into app permission categories. You probably know that millions upon millions of malicious apps are downloaded every month from the official app stores, but do you know which app categories present the highest risk to your organization and which permissions your end users need to be wary of?

The Wandera Data Science team provides an analysis of the distribution of risk for applications containing the most prevalent intent filters.

We also look at third-party app stores, a number of new phishing domains identified and a roundup of September’s security news from all over the web.

App permissions: can’t live with them, can’t live without them

For applications in the Google Play Store, Google groups permissions into:

  • Standard permissions
  • Signature permissions
  • Dangerous permissions

Dangerous permissions are any that allow an application to obtain personal information. All dangerous permissions (such as the ability to answer calls or access your location) require the user to manually approve the permission, whereas standard and signature permissions can simply be enabled by default for the application.

We took a look at some of the categories with the largest proportion of dangerous permissions, those that have the most insight into the personal data of users.

Top 10 Categories Using Dangerous Permissions

Video players and games were identified as being more risky in terms of app permissions. But the reality is, malicious apps come in all categories. Every day, there are news stories about malicious applications being downloaded millions of times, and there is a need to be wary of the permissions being accepted and the potential damage they can cause.

Top dangerous permissions

Below are the top 5 dangerous permissions being requested by malicious applications. While permissions such as location access can be common in everyday applications, permissions such as writing to storage or settings could be misused by malicious apps.

# | Permission | Description
1 | android.permission.WRITE_EXTERNAL_STORAGE | Read/modify/delete SD card contents
2 | android.permission.READ_EXTERNAL_STORAGE | Read SD card contents
3 | android.permission.READ_PHONE_STATE | Read phone state and identity
4 | android.permission.ACCESS_FINE_LOCATION | Fine (GPS) location
5 | android.permission.RECORD_AUDIO | Record audio

Organizations can’t necessarily rely on end users to be diligent with the app permissions they allow. It’s very easy to flippantly accept permissions to start using an app without understanding the full extent of what is actually being granted. Without a thorough understanding of which apps have high-risk permissions and how PII is being handled, companies can be at risk of data leaks.


The Threat of Third-Party App Stores

Ordinarily, mobile users download their apps from the official app stores; however, not every app is available there. Take Fortnite, for example, which was recently pulled from the official stores due to a policy infringement and has had a contentious relationship with Apple and Google for some time. In instances like this, users have to turn to third-party app stores for apps unavailable through official channels.

Both Apple and Google have strict requirements and rigorous vetting processes for the applications on their platforms. This isn’t necessarily the case for third-party stores, making them more susceptible to malware distribution or even data breaches. For instance, earlier this year, Aptoide was hacked and 39 million user records were stolen.

Top 5 3rd Party App Stores

1 | Aptoide
2 | Orange Jeux
4 | APKPure
5 | 9Apps

Generally, the use of third-party app stores requires jailbreaking or rooting of the device, which requires admin privileges. Devices owned by a business may be enrolled in UEM or some other device management platform, which generally has the ability to restrict privileges and detect jailbreaks or rooting.

However, standard detection capabilities are not infallible and can be bypassed. Additionally, personal/employee-owned devices are more frequently being used for work and are not enrolled into any device management service. We recommend a two-fold approach: application risk assessments to identify risky applications, and blocking traffic to and from third-party stores.

ICYMI: September's Security News Roundup

Data Science Monthly

In Android, an Intent is a messaging object used to request an action from another app component, such as an activity, service, broadcast receiver, or content provider. Intents carry the communication between components of the same application as well as with the components of other applications.

In this visualization we show the distribution of risk for applications containing the most prevalent intent filters based on applications scanned by MI:RIAM in the previous month.

You can see here that we have observed higher risk applications containing the android.provider.Telephony.SMS_RECEIVED intent filter, which informs the app of newly received SMS messages. Comparatively, the intent has been observed in more lower-risk applications, which notifies the app when the device is connected to power.

Unless properly secured, Intents might be used as an entry point for security attacks. Attacks can be easily sent through intents to components, which can indirectly forward them to other components, and so on.
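As a starting point for the application risk assessment recommended above, the following added example (not Wandera's or MI:RIAM's code) reviews a decoded AndroidManifest.xml for the five dangerous permissions in the table and for components reachable through intent filters, highlighting the SMS_RECEIVED action. The sample manifest and its package and component names are constructed; a real APK stores the manifest as binary XML, so it must be decoded to text first.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# The five dangerous permissions listed in the table above.
TOP_DANGEROUS = {"android.permission." + p for p in (
    "WRITE_EXTERNAL_STORAGE", "READ_EXTERNAL_STORAGE", "READ_PHONE_STATE",
    "ACCESS_FINE_LOCATION", "RECORD_AUDIO")}
# Intent action the report observed in higher-risk applications.
WATCHED_ACTIONS = {"android.provider.Telephony.SMS_RECEIVED"}
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample manifest in decoded text form (not from a real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.videoplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <receiver android:name=".SmsListener">
      <intent-filter><action android:name="android.provider.Telephony.SMS_RECEIVED"/></intent-filter>
    </receiver>
    <service android:name=".SyncService" android:exported="false"/>
  </application>
</manifest>"""

def review_manifest(xml_text):
    """Return flagged permissions and components that expose intent filters."""
    root = ET.fromstring(xml_text)
    requested = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    findings = {"dangerous": sorted(requested & TOP_DANGEROUS), "components": []}
    for tag in COMPONENT_TAGS:
        for comp in root.iter(tag):
            actions = [a.get(ANDROID_NS + "name") for a in comp.iter("action")]
            exported = comp.get(ANDROID_NS + "exported")
            # Conservative assumption of this example: a component with an intent
            # filter is treated as reachable unless android:exported is "false".
            if actions and exported != "false":
                findings["components"].append({
                    "name": comp.get(ANDROID_NS + "name"),
                    "type": tag,
                    "explicit_exported": exported,  # None = attribute missing
                    "watched": sorted(set(actions) & WATCHED_ACTIONS),
                })
    return findings

if __name__ == "__main__":
    print(review_manifest(SAMPLE_MANIFEST))
```

A component reported with `explicit_exported` of `None` and a non-empty `watched` list, such as the SMS receiver here, is the first thing to examine by hand.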
