The Apple® App Store® celebrates its 10th anniversary and the original Android store isn’t far behind. Together, the Apple App Store and the Google Play™ store boast more than five million mobile apps and counting, and that figure doesn’t even include apps from countless third-party stores.
It’s no surprise that people increasingly rely on mobile apps for all facets of their lives and use several per day. But what you may not realize is that just because an app comes from a reputable source doesn’t mean it’s safe. In fact, the first half of 2018 alone saw 312 disclosed security vulnerabilities for Android apps and 87 for Apple iOS, according to CVEdetails.com.
App vulnerabilities abound
Even more alarming, 85% of mobile apps violate at least one of the Open Web Application Security Project (OWASP) Mobile Top 10 areas of risk, according to NowSecure’s benchmark testing. NowSecure found more than half of tested apps have security flaws that compromise their ability to protect data in transit and at rest. Nearly one-third of apps suffered from coding problems. Android apps in particular exhibited coding issues that could expose them to reverse engineering or other exploits.
The vulnerabilities in the mobile apps employees install on their corporate and personal devices present significant danger to your organization. For example, an attacker could exploit a mobile app to compromise systems, steal intellectual property or spy on staff. Introducing risky apps to the enterprise also jeopardizes compliance with an array of regulations that affect your industry, such as GDPR, PCI, FFIEC, NIAP, and HIPAA, to name a few.
Take protective measures
Protect your organization by carefully considering the security risks presented by the mobile apps you build, buy and download. Are they safe to introduce into the enterprise environment or do they present an unacceptable level of risk that outweighs the potential benefit?
The sooner you figure this out, the better — Symantec’s research shows that risks worsen over time. One in five mobile devices are subject to attacks in their first month of use, and the exposure rises to three in seven mobile devices after four months, the 2018 Internet Security Threat Report finds.
Cybersecurity best practices call for thoroughly analyzing all potential attack vectors and assuming all mobile apps are untrusted unless proven otherwise. If your IT security team lacks the time or skills to vet mobile apps from the Apple or Google Play stores, consider partnering with an expert in mobile application security testing and subscribing to a risk intelligence service.
Go here to request a free report about the security, compliance and privacy status of an Apple App Store or Google Play store app of your choice and learn more about tools for evaluating the mobile apps that power your organization.