Study: The Biggest Mobile App Security Risks You May Not Know About
An analysis of which mobile-app categories put consumers and companies at highest risk had some surprising results.
No matter how vigilant you are about keeping your personal information safe and secure, there’s a good chance that you have one or more mobile apps on your phone that put you at risk, according to a new study of more than 200,000 Android apps.
The “Mobile App Threat Report,” produced by Marble Labs, the threat-research unit of Marble Security, determined how “risky” certain apps are based on their app category (social networking, productivity, news, and so forth).
“Our research proved that some mobile app categories put companies and consumers at more risk than others,” Marble Security CTO David Jevans told Mobile Marketing Watch. “Mobile threats are not just about malware. Even seemingly innocent apps can pose data leak risks as they feed information to advertising engines or hackers’ servers, comb through contacts or emails, or exchange documents. Mobile security is a new and rapidly evolving field, and these findings help identify the categories that deserve the most scrutiny.”
Researchers analyzed different functions of the apps, including permissions that they request, what data they access, whether they tap into network location, and how the user interacts with them, to measure the level of threat they pose.
Some of the findings were rather surprising to the researchers.
- Simple apps still pose risks. Things like wallpaper apps and business productivity apps were found to put a user’s data in jeopardy. “Many of these apps are monetized through advertising, and expose more data than users expect,” the report said. “Business productivity apps can pose data leak risks to enterprises, as they connect to shared document services, or upload and download documents.”
- Social media apps are the riskiest. While some social media apps were found to be low risk, researchers found that more than 100 such apps exhibited behavior common to malware (apps created purely for malicious purposes). “There are hundreds of social media apps that expose users to data loss, account takeover, and privacy violations,” they said.
- Communication apps are riskier than previously believed. Researchers found that these apps, such as WhatsApp or Skype, can pose a significant threat to a company. “Many of these apps mine the user’s contact database,” the report said. “If those databases are connected to the corporate Active Directory, then apps can mine that data and send it to third parties over the internet. These apps often mine phone call logs and SMS logs, too.”
So what can groups do to better protect themselves, especially at a time when BYOD is gaining serious traction and causing serious migraines for IT departments?
Having a written security-enforcement policy is an important first step, Jevans told Entrepreneur. “Telling employees ‘Don’t jailbreak your phones,’ or ‘Don’t download these apps,’ is better than nothing.”
Still, Jevans estimated that 75 to 80 percent of companies don’t have any kind of security protocols in place at all.
How is your association protecting itself from security threats? Share your story in the comments.