The summer 2014 App Reputation Report from Appthority analyzes the most popular iOS and Android apps for hidden security and privacy risks. It identifies the top 10 riskiest mobile app behaviors that threaten the enterprise and are found in 99% of the most popular free iOS and Android apps.
As more organizations adopt mobile first, bring your own apps (BYOA) and BYOD policies, preventing security and corporate privacy risks is a growing concern.
In the analysis of the top 400 apps—as identified by Google and Apple—Appthority found that risky app behaviors fall into two primary categories: sensitive data being captured and sensitive data being shared.
"As enterprises navigate how best to leverage the power of mobile, they have to confront the fact that user data and corporate data live side-by-side on mobile devices. Many mobile apps collect and share sensitive personal and corporate data without the user even being aware," said Domingo Guerra, president and co-founder, Appthority. "The first step toward mitigating this risk is to have full visibility into what risky behaviors are hidden in mobile apps, so that you can design acceptable use policies that protect your organization."
Enterprise at Risk
The report identifies the Top 10 Risky Behaviors of free and paid iOS/Android apps and outlines why the data apps are capturing and sharing puts the enterprise at-risk.
78% of the top Android paid apps had at least one of the Top 10 Risky Behaviors
87% of the top iOS paid apps had at least one of the Top 10 Risky Behaviors
82% of the top free Android and 50% of the top free iOS apps allow location tracking
88% of the top free Android and 65% of paid Android apps access the user's ID (UDID) compared to 57% of the top free iOS and 28% of paid iOS apps
71% of the top free Android apps share data with ad networks up from 58% of the top free Android apps earlier this year
58% of the top free Android apps and 55% of the top free iOS apps allow for in-app purchases
31% of the top free Android apps connect to cloud file storage, compared to 16% of free iOS apps
The study also found 85 different developers behind the top 100 iOS and Android apps. The large number of diverse developers highlights a growing IT management problem as companies struggle to adapt to a much more dynamic software environment.
Previously, software used in the enterprise came from a few trusted developers and enabled easy white-listing, but that is no longer possible as sensitive data is frequently up for grabs for third parties to mis-use.
Although malicious software (malware) created to compromise device and data security is often perceived as the leading threat to the enterprise, Appthority found that mobile malware infects only .4% of mobile apps in the enterprise and 0% of the apps found in the top 400.