09:24 AM

Mobile Apps Quietly Steal Your Privacy

Otherwise respectable mobile apps sometimes trample privacy with overgenerous device permissions, experts say.

Even though the splashy headlines around mobile security revolve around mobile malware, some security and privacy advocates warn that it might actually be the mundane apps people willingly download that introduce the most risk to their devices. That's because many otherwise well-intentioned apps are asking for so much access to so many phone features that they're impinging on the privacy of users--and potentially putting enterprise data at risk.

"We're not seeing a lot of malware so much ... but we are seeing a lot of privacy concerns from apps that are sharing information that people aren't aware of, or apps that have not been built securely," said Michael Sutton, VP of security research at Zscaler ThreatLabZ.

For example, he said that several months back when his researchers were doing work in the mobile space, they ran into certain iOS apps that would ask for passwords to popular services, like GoogleDocs.

"They would communicate with services, like GoogleDocs or Dropbox, and upload things and store backups," Sutton said. "All of those authentication credentials were just stored in clear text on the backup of the file, and so anybody who got a backup of your phone could go through that in plain text."

According to Sutton, the mobile space is such a "land grab" right now that businesses are desperate to have mobile apps and are willing to outsource to developers who might not be very competent at their jobs, or who just aren't given enough time to do a security review.

"I think the worst part is people think, 'I downloaded it from the store. It's safe,'" he said. "But that's not necessarily the case, and the end users mistakenly think that the gatekeepers are watching their backs."

In fact, in many cases it might not even be in the developer's best interest to keep users' privacy intact.

Read the rest of this article on Dark Reading.


1/15/2012 | 4:11:17 PM
re: Mobile Apps Quietly Steal Your Privacy
This all comes back to secure development. If user privacy and security are prioritized and better threat modeling is done, then a lot of these issues would drop off significantly.
Brian Prince, InformationWeek/Dark Reading Comment Moderator
1/13/2012 | 6:05:41 PM
re: Mobile Apps Quietly Steal Your Privacy
Ever notice how "smart" phones make people stupid?