Otherwise respectable mobile apps sometimes trample privacy with overgenerous device permissions, experts say.
10 Worst Android Apps
(click image for larger view and for slideshow)
Even though the splashy headlines around mobile security revolve around mobile malware, some security and privacy advocates warn that it might actually be the mundane apps people willingly download that introduce the most risk to their devices. That's because many otherwise well-intentioned apps are asking for so much access to so many phone features that they're impinging the privacy of users--and potentially putting enterprise data at risk.
"We're not seeing a lot of malware so much ... but we are seeing a lot of privacy concerns from apps that are sharing information that people aren't aware of, or apps that have not been built securely," said Michael Sutton, VP of security research at Zscaler ThreatLabZ.
For example, he said that several months back when his researchers were doing work in the mobile space, they ran into certain iOS apps that would ask for passwords to popular services, like GoogleDocs.
"They would communicate with services, like GoogleDocs or Dropbox, and upload things and store backups," Sutton said. "All of those authentication credentials were just stored in clear text on the backup of the file, and so anybody who got a backup of your phone could go through that in plain text."
According to Sutton, the mobile space is such a "land grab" right now that businesses are desperate to have mobile apps and are willing to outsource to developers who might not be very competent at their jobs, or who just aren't given enough time to do a security review.
"I think the worst part is people think, 'I downloaded it from the store. It's safe,'" he said. "But that's not necessarily the case, and the end users mistakenly think that the gatekeepers are watching their backs."
In fact, in many cases it might not even be in the developer's best interest to keep users' privacy intact.
Find out how to create and implement a security program that will defend against malicious and inadvertent internal incidents and satisfy government and industry mandates in our Compliance From The Inside Out report. (Free registration required.)
InformationWeek Elite 100Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
The UC Infrastructure TrapWorries about subpar networks tanking unified communications programs could be valid: Thirty-one percent of respondents have rolled capabilities out to less than 10% of users vs. 21% delivering UC to 76% or more. Is low uptake a result of strained infrastructures delivering poor performance?