Appthority Report Looks at Risky Business from the Top 50 Apps

By Peter Bernstein February 27, 2013

At the RSA event in San Francisco, the good news is that the halls and session rooms have been packed. And, as you can see, there has been no shortage of news about exciting new capabilities in areas ranging from online services that give better threat visibility, to solutions for stronger identification and access management, and lots of activity surrounding what to do about detecting and defending against advanced persistent threats (APTs) and distributed denial of service (DDoS) attacks, which continue to make headlines around the world.

There has also been a concentration on the emerging issue, created by the bring your own device (BYOD) phenomenon, of how secure apps are, especially those that employees are using on their personal devices when they are at work. Appthority, whose cloud-based Appthority Platform can automatically quantify the enterprise risk of apps by identifying malware and risky behaviors of public and private apps and determine which apps are safe for each job role based on risk profiles, is out with its newest App Report.

Appthority’s security team used its cloud-based Appthority Platform to analyze the top 50 free apps from Apple’s App Store and Google Play for risky app behaviors. The reason for looking at free apps is that they are more likely than paid ones to be sharing data with third parties and/or leaking data, and they are also obviously extremely popular.

The report examines the differences between the Android and iOS app ecosystems, and compares app behaviors across five popular app categories (business, education, entertainment, finance, games). It also looks at the developers behind these apps.

As Appthority says in explaining why it produces the report, “The user should be armed with the knowledge of what apps actually do and have the choice to opt in to app permissions. Enterprises must also be aware of the risks posed by employee mobile devices when they’re used for work purposes. As employees bring new apps into the workplace, they’re putting company data and the networks these devices access at risk.”

Highlights from the App Reputation Report include:

  • 96 percent of total apps share data with advertising networks and/or analytics companies.
  • 79 percent of the top 50 free iOS and Android apps are associated with risky behaviors or privacy issues. Overall, iOS apps exhibited more risky behaviors than Android apps.
  • Entertainment apps were the worst offenders out of the top five categories, with the highest number of apps that track for location and share data with advertising networks and/or analytics companies.
  • More than half of the total apps track for location by accessing the device GPS or using other location tracking methods.
  • Despite all the press about Android being less secure than iOS in terms of the possible threats apps pose when brought into the enterprise, the opposite is true.

One section of the report is worth pulling out here. Appthority found that, overall, entertainment apps exhibited the highest number of risky behaviors, particularly in terms of tracking the user’s location and sharing data with ad networks and analytics companies. Plus, none of the top business apps accessed the user’s calendar, while many of the free ones do.

The chart below may give you reason to pause the next time you wish to download a free app, given the things it can do without your permission or knowledge.

Source: Appthority

There are a lot more great nuggets of information in the full report. This certainly is an area of chief security officer (CSO) concern, and while there are solutions that are quite good at revealing vulnerabilities, the report does highlight the old saying that “an educated consumer is the best customer.” Finally, it highlights the fact that security needs to be looked at holistically in a BYOD world, and that the things that need to be protected are people, processes, devices, apps and the networks they interact with. Apps are a critical part of the equation, and reports such as these in many ways should serve as a call to action.




Edited by Brooke Neuman