Out of over 400,000 applications reviewed by Bit9, over 70% gained access to at least one high-risk permission. Bit9 analyzed the apps and examined the permissions requested and assessed the potential threat or vulnerability these permissions caused.
About one in four apps were classified as “suspicious” or “questionable” based on the permissions requested, category of the application, number of downloads and reputation of the publisher. Bit9 also surveyed a group of IT decision makers in the commercial sector whose IT security policies affect over 400,000 employees.
Not only do the apps pose a potential vulnerability, but so do the policies. 71% of the respondents said that employees were allowed to access company networks and data using personal devices, but only 24% of those businesses had any monitoring or controls in place to know if any apps present on the devices were accessing sensitive information. That statistic is rather disappointing given that 68% of them said security was the most important driver of their policies.
In the infographic below, Bit9 found over 100 applications with the words “Angry” and “Birds,” but only 4 are from Rovio, the popular apps’ publisher. One of those other apps (among many), “Angry Birds Wallpaper” had access to detailed GPS location services, arguably not needed for such an app to function properly.
Aside from concerns this may raise for consumers, the concerns are a magnitude larger for companies as the bring-your-own-device (BYOD) practice gains more and more acceptance. 26% of the apps get access to personal information such as email or contacts, yet 96% of employers allows users to access corporate email on their personal devices and 85% have access to calendar and scheduling.
One of the more interesting statistics out of the report is that while these companies seem to allow Android devices on their corporate systems, they also rank their perception of Android’s security as less than iOS or BlackBerry.
Does your employer let you BYOD? If so, does the company place an IT policy or control on it to prevent unwanted applications from trying to gain access to personal information that might be linked to more sensitive data?
Maxwell Ramsey has made significant contributions to PhoneArena through his detailed reporting on technology policy and advancements, such as wireless charging standards and FCC regulations, helping demystify complex topics for a broad readership.
Recommended Stories
Loading Comments...
COMMENT
All comments need to comply with our
Community Guidelines
Phonearena comments rules
A discussion is a place, where people can voice their opinion, no matter if it
is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some
random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Off-topic talk - you must stick to the subject of discussion
Offensive, hate speech - if you want to say something, say it politely
Spam/Advertisements - these posts are deleted
Multiple accounts - one person can have only one account
Impersonations and offensive nicknames - these accounts get banned
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a
post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please,
contact us.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: