This week, we unveiled a new application reputation feature to provide enterprises with detailed insight into the applications that are run on employee mobile devices. With this new feature, companies can analyze the data being collected, stored or transmitted from mobile applications, enabling them to discover the potential risk of applications and make informed policies to prevent compromises or data loss. See the press release for more details.
Ryan W. Smith, our lead threat engineer, explained the problem to Tim Wilson at Dark Reading: “When we first come into a customer site, most of them have no idea what apps their users have installed on their devices, or what their risk exposure might be. They are accepting a level of risk on their mobile devices that they would never accept on PCs.”
In SecurityWeek, Ryan was quoted as saying: “Some of the most significant risk factors affecting corporate employees and individual mobile users, such as data loss and PII collection, occur not by the application itself, but within mobile advertising libraries and other library components such as social media or analytic tools.”
From Network World: “Unfortunately, when you give permission to an app to access your private or sensitive data, you’re also giving access to each of the included libraries and their author(s), whether you know it or not. This is like entrusting your house keys to your teenage child for the weekend, only to have them immediately make copies for their friends, unbeknownst to you.”
As you can see in the graph below, the majority to apps contain third-party ad libraries. In fact, at least 78% of all applications downloaded by business users connect to either an ad network, social media API, or analytics API – putting their personal information and their company’s sensitive data at risk. More details about how mobile ad libraries create risks for enterprise data are available in Ryan’s blog post.