Tuesday, November 6, 2012

Mobile apps are vulnerable

Did you know that over 100,000 mobile applications on Google Play were questionable or suspicious due to the types of permissions they requested, the reputation of the application's publisher and other factors?

A study has found that up to 10 per cent of mobile apps expose user passwords and login names, 25 per cent expose personally identifiable information and 40 per cent communicate with third parties. There are over one million mobile applications, and more than 1,500 new apps are released every week. The criteria for defining a mobile application as questionable or suspicious included the permissions requested by the application, the categorization of the application, its user rating, its number of downloads and the reputation of the application's publisher.

Hundreds of applications were analysed, and it was found that many popular apps leave user names and passwords unencrypted, while others insecurely share personal information (such as names, email addresses and phone numbers) and communicate with third parties, including advertisers. In an examination of more than 400,000 Android apps, it was found that 72 percent use at least one high-risk permission. In addition, 42 percent of the apps, including wallpapers, games and utilities, access GPS location data; 31 percent access phone calls or phone numbers; 26 percent access personal data, such as contacts and email; and 9 percent use permissions that can cost the user money.
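The four high-risk categories listed above can be checked against a single app's manifest. The following is an added example, not code from the study or the original post; it assumes a decoded (plain-text) AndroidManifest.xml, and the mapping of Android permission names to the article's categories is an illustrative assumption.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: this mapping of real Android permission names onto the article's
# four categories is illustrative; the study's own permission list is not given.
CATEGORIES = {
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "calls_or_phone_numbers": {"READ_PHONE_STATE", "READ_CALL_LOG", "CALL_PHONE"},
    "personal_data": {"READ_CONTACTS", "GET_ACCOUNTS", "READ_SMS", "READ_CALENDAR"},
    "can_cost_money": {"SEND_SMS", "CALL_PHONE"},
}

# Constructed sample: a decoded manifest for a hypothetical wallpaper app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpaper">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <application android:label="Wallpaper"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the short names of android.permission.* entries the app requests."""
    root = ET.fromstring(manifest_xml.strip())
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name", "")
            if name.startswith("android.permission."):
                names.add(name[len("android.permission."):])
    return names

def audit(manifest_xml):
    """Group requested permissions by category, omitting empty categories."""
    requested = requested_permissions(manifest_xml)
    report = {}
    for category, risky in CATEGORIES.items():
        found = sorted(requested & risky)
        if found:
            report[category] = found
    return report

if __name__ == "__main__":
    for category, found in audit(SAMPLE_MANIFEST).items():
        print(f"{category}: {', '.join(found)}")
```

A wallpaper app that turns up in three of the four categories, as the constructed sample does, is the kind of mismatch between function and requested permissions that the criteria above are meant to surface.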

Over 26 percent of apps in Google Play have access to personal information such as contacts and email, and over 96 percent of employers who permit personal devices to access their networks allow employees to connect to company email and contacts. As more companies allow their employees to access organizational data from personal devices, employers must recognize the threats to their intellectual property posed by unmonitored devices.

Most consumers are willing to click “Allow” for mobile apps in situations they probably would never have allowed on a Windows computer. This is because people do not yet consider their smartphones as vulnerable or as sensitive as their desktops and laptops, even though smartphones are essentially just smaller computers and arguably store even more personal information than the average laptop. Even if an app has not been compromised by hackers, permissions still matter. First, there will always be cases where a malicious app is not recognized or has not yet been exploited, so knowing what that app is capable of doing is important in understanding risk. Second, user privacy can be compromised by developers building with functionality in mind rather than security.

If developers are transmitting or storing your personal data in an insecure manner, some other app or malicious actor might be able to steal it. So again, knowing what an app can access is important in deciding how much trust you should place in the app or its publisher before using that app. In a survey of IT security decision makers, it was found that although 78 percent feel phone makers do not focus enough on security, almost an identical number (71 percent) allow employees to bring their own smartphones to the workplace. In addition, though 68 percent rank security as their most important concern when deciding whether to allow employees to bring their personal devices to work, only 24 percent of companies employ any sort of application control or monitoring to know what applications are running on employees' mobile devices, and only 37 percent have deployed any form of malware protection on employee-owned devices.

Users who download mobile apps, even from trusted sources, assume security measures are built in. However, that is not always the case.
