This post is from the Apperian blog and has not been updated since the original publish date.
Mobility News Briefing - March 11
It's hard to keep up with every news story, interesting article, and blog post. Catch us every Friday for a roundup of the stories we think you want to know about each week. Subscribe to make sure you don't miss an update!
The story: Hewlett Packard Enterprise (HPE) published a new research report that analyzed 36,000 iOS and Android mobile apps for security threats and found that more than half of the apps were collecting a disconcerting amount of data. This was especially startling because much of the data was not needed for the app's functionality.
Location tracking detected in >50% of apps... While location is essential to many apps like GPS apps, such data can also be detrimental to users' safety if it ends up in the wrong hands. Location data collection should be limited to apps that require such functionality, excluding apps that are built for other purposes such as educational apps, of which the report found over 70% of iOS education apps tracked location.
Calendar data collection in >40% iOS game apps and >50% iOS weather apps... Calendar data can be especially informative as it often includes the names of those attending, location and purpose of the event, or topic being discussed in the meeting.
Sensitive data is put at risk via ad / analytics frameworks that are used by 60% of apps... Such frameworks could be misconfigured or insecure while storing and transmitting very specific user data.
Logging methods found in 95% of apps can expose data... While logging is an important part of app development and testing, it should removed from the app before it goes to production as to not expose user log data.
What to do?
*Delete and stop using all mobile apps... Just kidding, we all know that's not happening anytime soon. So, instead, enterprises and consumers alike need to take precautions to ensure mobile data is not at risk.
Enterprises should manage their employees' apps carefully... Inspect them regularly for malware and risky app behaviors, and protect the corporate, sensitive data they hold with mobile app security policies.
Consumers should be wary of the mobile apps they chose to download... Make sure they understand the purpose and functionality of the app while also checking what kinds of data is being collected.
Unsure if your enterprise mobile data is secure? What this 5 minute demo video to learn how Apperian provides the highest level of mobile app security. Or contact us, we’re happy to answer any question you might have.