Nation-State Hackers Target Phones of Presidential Campaigns: Key Takeaways from NowSecure CEO

Posted by Alan Snyder, NowSecure CEO

NowSecure CEO Alan Snyder is responsible for accelerating the growth and scaling of the organization as it continues to help enterprises assure the security of their mobile apps and workforces. Alan has deep mobile security expertise resulting from more than 10 years in leadership roles at companies in the enterprise mobility space.

The New York Times and the Wall Street Journal reported on a group of nation-state hackers targeting the phones of dozens of high-level people in the Trump and Harris campaigns, including the candidates themselves, as well as journalists covering the hacking group. These hackers understood that almost all of their targets' critical business functions and communications would run through their phones, particularly on the campaign trail.

While the hack happened at the network level, this incident underscores that information security revolves around data and how the mobile apps on the device manage and communicate data. 

How BYOD Compromised Security for U.S. Agents & a Leading Bank CEO

This year we helped a federal government agency identify a major vulnerability that made its agents discoverable to adversaries via mobile apps on its agents’ personal devices. Though the agents had locked-down mobile devices provided by the agency, they also carried personal devices. These personal devices each had dozens of the sort of apps you could expect on any consumer device, such as social media, news and shopping. These apps leaked various personal data such as location, names and behavior, and some of them routed data through servers run in countries of particular concern. In aggregate, these data leaks enabled nation states to identify and track agents.

By working with NowSecure, the agency attained a systematic way to evaluate the risk of thousands of personal and professional mobile applications. Mobile application security testing results help the agency understand the type of data gathered and transmitted, as well as the transmission methods (for instance, was the data securely encrypted in motion, or could someone who intercepts the network communications easily view it?). The agency now provides clear guidance to its agents about the security risks associated with specific apps on their personal devices and how to remediate them.

Similarly, the team managing the security for the C-suite and the board for one of the largest U.S. banks approached NowSecure about how to assess information security for its CEO’s smartphone. They were surprised that all we needed was a list of the apps and almost immediately came back with a quantitative and qualitative risk assessment for each app. 

A Systematic Approach to Evaluating Mobile App Risk in the Age of AI

It’s not realistic to expect executives and employees to never conduct business on their phones. But mobile application security teams also have to recognize that Artificial Intelligence (AI) has incentivized app creators to collect ever more types and volumes of user data in order to train ever larger models.

Our approach is to be programmatic about mobile app risk management. If you can make it easy for security teams to evaluate the specific risks of any new personal or productivity app, they can provide clear guidance about what should or shouldn’t be on the same mobile device on which sensitive work transpires. 

We call this solution Mobile App Risk Intelligence (MARI). NowSecure MARI provides a simplified dashboard to compare dozens or hundreds of third-party mobile apps at a time based on our proprietary mobile application security, compliance and privacy assessment of tens of thousands of iOS and Android apps. MARI displays specific vulnerabilities such as types of data being collected, how that data is being transmitted and if it’s being encrypted properly and determines a risk rating for each app. 

If you or an organization you manage would be targeted by sophisticated hackers acting on behalf of nation states or for-profit ransomware gangs attempting corporate blackmail, reach out to speak to our security experts. We help you view mobile app risk management holistically across the apps your employees build or use, prioritize vulnerabilities to address based on business risk, and orchestrate remediation with dev, security, vendors and global risk and compliance teams.