People rely on apps for almost everything – from social networking, to work, to navigation – resulting in a huge demand for service providers to have an app available to customers.
Why are there still so many app leaks?
Where this becomes problematic from a security perspective is the push on app developers to accelerate their time to market. It seems that staying ahead of the competition and meeting customer demands are being prioritized over secure development practices, leading to vulnerabilities like app leaks.
CNBC’s Andrea Day recently interviewed Wandera’s VP of Product about a large-scale app leak detected by MI:RIAM, Wandera’s mobile intelligence engine. The sheer number of app leaks, and the fact that they included several high-profile brands, would surprise any security professional.
The global apps business is worth over $140 billion per year with more than 10 million app downloads each hour. The average smartphone user has 27 apps installed on their device at any time. Each app carries a risk. Poor security practices and shortcuts in development can lead to vulnerabilities that can negatively impact the end user, and potentially the organization they work for.
Details such as username, password, and even credit card information can become exposed by a single hit of a button by the end user. It doesn’t take an experienced hacker to find the information once it’s exposed.
“No attack is required on a mobile device when an app is freely giving away information in an unprotected way.” – Michael Covington, VP Product at Wandera
Which app leaks should you be worried about?
Of the 200 app leaks in Wandera’s Mobile Leak Report, 60% came from news, sports and shopping categories. Because these categories are widely used and seemingly low-risk, they are an overlooked problem for businesses.
Employees tend to reuse passwords across personal and work accounts, accessing them on BYOD or corporate-liable devices. Why is this a problem?
Considering that 85 percent of the app leaks actually included a password, you can soon understand the scale of the problem. Username and password are all a hacker needs to access every other piece of information in a person’s account. Depending on the type of account they find themselves in, the repercussions can be immense.
Categories that are not violating typical compliance policies are not likely to be blocked by administrators. But what about adult and gambling sites? The report found 80% of adult sites are leaking user data. With a mobile content filtering service, companies can block access to these high-risk categories – an efficient and proactive way to remove the security risk.
Are service providers and developers taking responsibility for app leaks?
As with all mobile data leaks detected in its network of corporate mobile devices, Wandera notified the 200 service providers of the issues discovered and documented by the Threat Research Team and received mixed responses.
Some react by getting new apps or websites out within 24 hours, but some won’t even pick up the phone.
Don’t throw away your smartphone just yet
There are a couple of simple things you should consider to avoid having your personal information exposed by leaking apps and websites.
Think twice about what kind of information you are being asked for when using a service. You shouldn’t need to provide credit card details or your date of birth for a free news service, for example.
Read user reviews before you blindly trust a mobile app. Don’t be patient zero – let developers iron out any kinks before you use it.
The “Panama Papers” of mobile leaks
The 2017 Mobile Leak Report found more than 200 mobile websites and apps leaking personally identifiable information across a range of categories – including those that are essential for work. Read the report to see which types of apps present the highest risk to your sensitive corporate data.