Wednesday, July 28, 2021

Average Large Enterprise Is Riddled with 2,400 Dodgy Mobile Apps: Veracode

Enterprises have a big problem on their hands, or rather in their hands — literally.

Mobile device management (MDM) solutions alone may not be enough to protect organizations from mobile threats. A new study released today from Veracode, a provider of mobile application security services from Burlington, Mass., reveals that the typical large enterprise has roughly 2,400 unsafe mobile apps running in its environment, potentially putting users and their data at risk.

Veracode arrived at the figure after analyzing data from its cloud-based platform, which sniffs out risky apps when used in conjunction with MDM products like MobileIron, AirWatch and IBM’s Fiberlink.

Veracode offers an automated app reputation service that leverages cloud computing and machine learning to evaluate apps and their effect on mobile devices and the data contained therein. Organizations can then set policies governing the use of those apps, including blacklisting them if necessary.

“Many mobile apps are unsafe because they unknowingly access insecure third-party libraries and frameworks in the software supply chain – while other apps have been specifically designed to perform malicious actions,” remarked Veracode co-founder and CTO Chris Wysopal in a statement.

During its analysis, Veracode discovered a total of 14,000 unsafe applications. Of those, 85 percent expose SIM card contents, including device IDs, carrier information, SMS message logs, contacts and call history.

Thirty-seven percent of those apps perform suspicious security actions and could be used as a springboard for potentially dangerous breaches, the company warned. Veracode cautioned that those actions could include “checking to see if the device is rooted or jailbroken (which allows applications to perform superuser actions such as recording conversations, disabling anti-malware, replacing firmware or viewing cached credentials such as banking passwords); installing or uninstalling applications; recording phone calls; or running other programs.”

Finally, Veracode discovered that another significant number of apps access or share personal information. Thirty-five percent of the apps analyzed by the company snoop into a user’s browser history and calendars.

The most alarming aspect is what happens next. According to Veracode, those apps are often “sending sensitive information to suspicious overseas locations.” Further, that information can be cobbled together “to develop a complete profile of users and their social connections,” setting the stage for corporate espionage, intellectual property theft and other illicit activities that can prove damaging to a business.

Pedro Hernandez is a contributing editor at Datamation. Follow him on Twitter @ecoINSITE.
