As if IT admins weren’t busy enough securing end-users’ computers, servers, and the network, they now need to come up with ways to protect end-users’ phones. Not only are malicious hackers devising ways to eavesdrop on targets’ private phone conversations, but new research shows that many of the free apps available for the popular iPhone and Android platforms are capable of gathering sensitive user data.
Mobile security firm Lookout analyzed some 300,000 applications for the iPhone and Android and discovered a relatively small — though not negligible — portion of them are capable of determining a user’s location, as well as his or her full contact information, pictures, text messages, and Internet and search histories.
That sort of data could be used for relatively harmless activities, such as marketing, but it also could find its way into the hands of cyber criminals and be used for nefarious deeds.
Broken down between the iPhone and Android platforms, Lookout found:
- 28 percent of the apps in the iPhone App Store are free, whereas 64 percent of the available apps for Android are free
- 29 percent of free applications on Android have the capability to access a user’s location, compared with 33 percent of free applications on the iPhone
- Nearly twice as many free applications have the capability to access user’s contact data on iPhone (14 percent) compared to Android (8 percent)
- 47 percent of free Android apps include code from third parties for mobile advertising and analytics purposes, compared to 23 percent on iPhone
Lookout notes that end-users are prone to blithely downloading apps, then breezing through the permissions screens during the installation process, oblivious to just what kind of data they’re permitting their new apps to access and transmit. The average user has 22 apps on his or her smartphone, according to Nielsen. Also, Nielsen reports that that 14 percent of mobile subscribers have downloaded an app in the last 30 days.
This type of snooping software is only one of the emerging threats for smartphones. The number of malware and spyware programs found on such devices has more than doubled in the past six months, according to Dark Reading. Lookout found about nine instances of malware and spyware per 100 smartphones in a study in June, more than twice the number it found last November.
Smartphone management strategies are still in their infancy, but clearly any organization where employees rely on phones to do business need to start taking mobile security seriously.