Information security risks of mobile apps

Increasing numbers of employees are using their own devices (loaded with apps) at work and connecting to their company's network.  The security specialist firm Bit9 analysed 400,000 mobile apps to explore whether they posed information security risks to organisations.  They discovered:

  • 72% of all Android apps use at least one permission that allows access to private data or control over smartphone functionality
  • 96% of respondents that allow employee-owned device access allow employees to access company email using their personal device.
  • 26% of apps access private information such as email and contacts, with only 2% of apps being from highly trusted publishers.
Although most of these apps are not malicious in intent, they are accessing such private information as GPS location data; phone numbers; contacts and email addresses.  Information can be gathered when you use any number of mobile apps including a phone flashlight or the mobile game Angry Birds (which has been downloaded over a billion times).This issue of mobile privacy will become increasingly important as the numbers of people accessing the mobile internet continues to grow.  An article in the New York Times discusses this legal ‘grey' area, pointing out that the majority of users simply do not read - or understand the implications of - privacy policies, even when such policies exist.  The European Union, which is currently discussing plans to bring web businesses into data protection rules, can expect to be challenged by the big companies for which advertising revenue is so important.Sources:; The New York Times via @Marydeeo