Mobile apps are used by both individuals and companies to improve everyday life and have become in fact integral to a smooth running day. We have apps to pay, eat, exercise, travel, socialise… Concurrently, one of the largest security threats we face in society today is information-leaking mobile apps. Personal data may be leaked and collected from mobile applications and includes phone numbers, email addresses and network information – whether corporate or individual.
Not all apps are safe to download as some apps are written with malicious intent, and may corrupt your phone. As well as affecting the phone software, applications may intentionally or unintentionally release the user’s information without the user even knowing. If a mobile app leaks data, an entire organisation may be at risk.
Dangers of low security apps in the workplace
Personal mobile phone and tablet usage are now common in the workplace, making data leakage a very serious risk to business integrity. When businesses offer tablets or phones to employees for work use, many still use these for personal use, creating an environment where applications downloaded are often unmonitored. When an organisation does not know which apps are installed on employee mobile devices and how these applications behave, this poses a threat to the entire business. In April 2011, a survey by Sophos revealed that 28 percent of consumers were employed by companies where use of personal devices was encouraged. This is contrasted to the 30 percent of the employees stated that there is no security policy in their workplace protecting personal information on devices used for work reasons.
In 2016, MIT and Harvard research revealed that out of apps sharing information with third parties, seventy-three percent were Android apps (sharing personal information) and forty-seven percent of iOS apps (location data). On average, the report found that Android apps sending data that is possibly sensitive to 3.1 third party domains and iOS to 2.6 of these.
Third parties, other than organisations and individuals, should be given permission to detect and block data leaks of personal or company information. Mobile devices themselves may introduce risks to mobile applications. Code writers for applications have now more than ever more to be wary of. Mobile code security is vital to ensure that vendors are responsible with their application code and reducing risk to users.