Large Enterprises Riddled with Risky Mobile Apps

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Enterprises have a big problem on their hands, or rather in their hands — literally.

Mobile device management (MDM) solutions alone may not be enough to protect organizations from mobile threats. A new study released today from Veracode, a provider of mobile application security services from Burlington, Mass., reveals that the typical large enterprise has roughly 2,400 unsafe mobile apps running in its environment, potentially putting users and their data at risk.

Veracode arrived at the figure after analyzing data from its cloud-based platform, which sniffs out risky apps when used in conjunction with MDM products like MobileIron, AirWatch and IBM’s Fiberlink.

Veracode offers an automated app reputation service that leverages cloud computing and machine learning to evaluate apps and their effect on mobile devices and the data contained therein. Organizations can then set policies governing the use of those apps, including blacklisting them if necessary.

“Many mobile apps are unsafe because they unknowingly access insecure third-party libraries and frameworks in the software supply chain – while other apps have been specifically designed to perform malicious actions,” remarked Veracode co-founder and CTO Chris Wysopal in a statement.

During its analysis, Veracode discovered a total of 14,000 unsafe applications. Of those, 85 percent expose SIM card contents, including device IDs, carrier information, SMS message logs, contacts and call history.

Thirty-seven percent of those apps perform suspicious security actions and could be used as a springboard for potentially dangerous breaches, alerted the company. Veracode cautioned that those actions could include “checking to see if the device is rooted or jailbroken (which allows applications to perform superuser actions such as recording conversations, disabling anti-malware, replacing firmware or viewing cached credentials such as banking passwords); installing or uninstalling applications; recording phone calls; or running other programs.”

Finally, Veracode discovered that another significant number of apps access or share personal information. Thirty-five percent of the apps analyzed by the company snoop into a user’s browser history and calendars.

The most alarming aspect is what happens next. According to Veracode, those apps often transmit “sending sensitive information to suspicious overseas locations.” Further, that information can be cobbled together “to develop a complete profile of users and their social connections,” setting the stage for corporate espionage, intellectual property theft and other illicit activities that can prove damaging to a business.

Pedro Hernandez is a contributing editor at Datamation. Follow him on Twitter @ecoINSITE.

Photo courtesy of Shutterstock.