Feature Article

October 09, 2012

Think Your Mobile Apps are Safe? Think Again!

As a smartphone and tablet user, the odds are that you think you are well protected from a security perspective: that your passwords are safe, and that information would leave your mobile device only if you chose to let it go elsewhere. We’re willing to bet that you think about security in an abstract way, and that you believe you have strong passwords, created with enough upper- and lower-case letters, special symbols, and numbers in obscure patterns to be completely safe.

What if you were to discover that 10 percent of mobile apps actually leak passwords? Or that 40 percent of mobile apps communicate with third parties even though you’ve not given them such privileges? Let’s add here as well that the 10 percent password leakage has nothing to do with the quality of your passwords – they are leaked regardless of whether your password is “1234” or “as;djkP)LKj][ASD-122(*&(*&qWe.” We admit it can be a deflating thought.

So does Zscaler, a vendor primarily focused on developing secure cloud gateway solutions. Zscaler runs one of the world’s largest – if not the largest – secure cloud gateways, which has been built to safely enable users doing business beyond the corporate network. The gateway processes over 7 billion transactions a day, generated by over nine million users in 188 countries, with near-zero latency. Over 3,000 global enterprises use Zscaler to simplify IT operations, consolidate point security products, and securely enable businesses for mobility, cloud environments and social media.

The company announced today the results of an analysis it ran through ThreatLabZ, the company’s security research arm. That analysis has revealed that:

· Up to 10 percent of mobile apps expose user passwords and login names

· 25 percent expose personally identifiable information

· 40 percent communicate with third parties

The analysis was conducted using the newly released ThreatLabZ Zscaler Application Profiler (ZAP), a free online tool that makes it easy for users to assess mobile apps for security risks.



Keep in mind that we’ve just crossed the threshold of 25 billion app loads, that there are now over one million available mobile applications in the Apple App Store and on Google Play, and that more than 1,500 new apps are released every week. Users who download these apps, even from trusted sources, simply assume for the most part that, as we noted above, reliable security measures are built in.

The folks at Zscaler ThreatLabZ analyzed hundreds of applications, not thousands, and even in this relatively small sample found that many popular apps leave user names and passwords unencrypted, while others share personal information such as names, email addresses and phone numbers. Apps also communicate directly with third parties, including, of course, advertisers.

The company, believing that an educated customer is the best possible customer, has created ZAP to allow both existing and potential customers to assess their apps themselves. The Zscaler Application Profiler is an easy-to-use online tool that allows users to search for any iOS or Android mobile app by name. ZAP will then deliver an instant assessment of its security and privacy risks, along with an overall risk score.

Users can also use ZAP to scan traffic from an app installed on their device to see whether their own data is being exposed. No real technical expertise is needed to use ZAP. As more users submit mobile apps for analysis, Zscaler’s ThreatLabZ team adds the results to the ZAP database, in effect “crowdsourcing” the security profiles of thousands of mobile apps.

An excellent blog post complete with a video walkthrough is available on the Zscaler website. Put ZAP to use and let us know what you discover about the security of your apps.




Edited by Allison Boccamazzo

