Paul Stich, CEO of Appthority, shares his perspective on Mobile App Risk Management

Mobile devices (smartphones and tablets) are playing an ever-increasing and strategic role in today’s corporate environments. Increased employee use of mobile devices, along with the growth of the Bring Your Own App (BYOA) economy, introduces new risks to the enterprise. The average employee has between 50 and 150 mobile apps on their device, with many of those apps capable of accessing and sharing critical and sensitive corporate and personal data.

Developers of web-based mobile applications are inclined to choose functionality over security when trade-offs must be made. For example, Ernst & Young (Mobile Device Security) has tested numerous mobile web applications where the password complexity requirements or account lockout features had been reduced or removed entirely. Restrictions on JavaScript or persistent session data have also led developers to place sensitive information and session information within the URL of every request to the server. In addition, network bandwidth limitations may encourage developers to create mobile device-formatted sites that cache additional information from web pages, potentially exposing this information if the device is compromised.

Client-based mobile applications need to support different operating systems and the SDKs that developers use to create applications. Each of these platforms has a different security model that affects how developers address security within their own applications.

So, what would be considered a mobile app risk? Here’s an example: Have you ever noticed an app that’s constantly running in the background (that really has no need to do so)? It’s possible that it’s tracking your location and sharing it with outside parties for advertising purposes.
App developers will often ask for these types of permissions upfront, but unfortunately that’s not always the case; or, the language they use is intentionally vague or deceptive.

In the larger context of BYOD (Bring Your Own Device), these types of mobile app behaviors are not only a significant risk to users, but to organizations as well. Without a fully automated way to check for mobile app risk, it is very challenging for organizations to identify which mobile apps put corporate data at risk versus which apps are benign. As organizations embrace the productivity and connectivity gains of the mobile workforce, it is important to address the risks commonly found in 3rd party apps on employee devices.

Some interesting data about mobile app risk:
  • Surprisingly, iOS apps exhibit more risky behaviors than Android apps (91% of the top 200 iOS apps exhibit at least 1 risky behavior as compared to 83% of the top 200 Android apps)*
  • Free apps are riskier than paid apps: 95% of the top 200 free iOS and Android apps exhibit at least one risky behavior vs 80% of the top 200 paid apps.*
* Source: Appthority App Reputation Report.

Appthority was founded on the principle of helping organizations automate the management of mobile app risk, and empower a smarter, safer mobile workforce. For more on Appthority, please visit www.appthority.com.