Feature Article

July 31, 2013

Appthority Report Reveals Apps are 'Risky Business'

It happens occasionally in our industry that double entendre turns out to be spot on when it comes to describing current trends. This is the case with the release by applications risk management company Appthority of its Summer 2013 App Reputation Report, unveiled at the Black Hat hackers conclave now taking place in Las Vegas. It is both timely and apropos.

The report highlights what its authors call “the hidden behaviors of popular free and paid mobile apps.” It examines how BYOD has led to the mixing of personal and corporate data on employee devices and how the apps we use can put that data at risk, and it provides insights on how some app developers collect data on users as a money-making technique.

The survey says

Highlights from the App Reputation Report are:

  • Overall, 83 percent of the most popular apps are associated with security risks and privacy issues.
  • iOS apps exhibited more risky behaviors than Android apps— 91 percent of iOS apps exhibit at least one risky behavior, as compared to 80 percent of Android apps.
  • 95 percent of the top free apps and 77.5 percent of the top paid apps exhibited at least one risky behavior.
  • 78 percent of the most popular free Android apps identify the user’s ID (UDID).
  • Even though Apple prohibits its developers from accessing the UDID, 5.5 percent of the tested iOS apps still do.
  • 72 percent of the top free apps track the user’s location, compared to 41 percent of paid apps.
  • Although paid apps already generate revenue when downloaded, 59 percent of paid iOS and 24 percent of paid Android apps still support in-app purchasing.
  • Furthermore, 39 percent of paid iOS and 16 percent of paid Android apps still share data with ad networks.

The findings, in a word, are “sobering.” For those of us who are concerned about the use of our private information, and who are hopefully taking steps to not share what we believe is nobody’s business, the facts seem to indicate that the probability of that information being shared is high. The study also found that while the probability of using risky apps decreases when using paid versus free ones, and is greater for iOS devices than Android, nothing is immune.

Indeed, as the report shows, this type of exposure should concern us as individual users and also IT departments as BYOD becomes more pervasive in enterprises. To again fall back on double meanings, this is risky business.

Appthority used its cloud-based risk management service to perform static, dynamic and behavioral app analysis on the 400 most popular free and paid apps on the iOS and Android platforms. Appthority analyzed each app for particular behaviors within a test environment.

Appthority has created a nice infographic as a visualization of the report’s key findings, as seen in the slideshow below.

[Slideshow, 4 pages: Are Paid Apps Safer than Free Apps?]

“In analyzing both paid and free apps in our report, we’ve identified several new security trends within the global app ecosystem,” said Domingo Guerra, co-founder and president at Appthority. “For instance, we measured how paid apps – like free apps – are now supporting in-app purchasing and sharing data with ad networks as a method of generating revenue, even if it means putting user and corporate data at risk. We also discovered several popular iOS apps that access the unique device identifier (or UDID), even though Apple strictly prohibits that activity because UDIDs can be linked back to the private user information and activity as they navigate across apps.”

It is clearly a brave new world out there, and although the benefits of apps on BYOD are demonstrable, the reason so much attention is now being paid by the security industry to consolidated authentication, device and applications management, and why IT departments need to take heed, is starkly portrayed in this study.

On the enterprise side of things, containerization and solutions that build an impenetrable wall between corporate and personal uses of devices should pop out of this analysis as a matter not just of concern but of some urgency. As to the consumer side and our personal use, this is a case where forewarned is hopefully forearmed.




Edited by Rich Steeves

