Mobile Apps Quietly Steal Your Privacy - InformationWeek
IoT
IoT
Mobile
News
1/13/2012
09:24 AM
50%
50%

Mobile Apps Quietly Steal Your Privacy

Otherwise respectable mobile apps sometimes trample privacy with overgenerous device permissions, experts say.

10 Worst Android Apps
10 Worst Android Apps
(click image for larger view and for slideshow)
Even though the splashy headlines around mobile security revolve around mobile malware, some security and privacy advocates warn that it might actually be the mundane apps people willingly download that introduce the most risk to their devices. That's because many otherwise well-intentioned apps are asking for so much access to so many phone features that they're impinging the privacy of users--and potentially putting enterprise data at risk.

"We're not seeing a lot of malware so much ... but we are seeing a lot of privacy concerns from apps that are sharing information that people aren't aware of, or apps that have not been built securely," said Michael Sutton, VP of security research at Zscaler ThreatLabZ.

For example, he said that several months back when his researchers were doing work in the mobile space, they ran into certain iOS apps that would ask for passwords to popular services, like GoogleDocs.

"They would communicate with services, like GoogleDocs or Dropbox, and upload things and store backups," Sutton said. "All of those authentication credentials were just stored in clear text on the backup of the file, and so anybody who got a backup of your phone could go through that in plain text."

According to Sutton, the mobile space is such a "land grab" right now that businesses are desperate to have mobile apps and are willing to outsource to developers who might not be very competent at their jobs, or who just aren't given enough time to do a security review.

"I think the worst part is people think, 'I downloaded it from the store. It's safe,'" he said. "But that's not necessarily the case, and the end users mistakenly think that the gatekeepers are watching their backs."

In fact, in many cases it might not even be in the developer's best interest to keep users' privacy intact.

Read the rest of this article on Dark Reading.

Find out how to create and implement a security program that will defend against malicious and inadvertent internal incidents and satisfy government and industry mandates in our Compliance From The Inside Out report. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Apprentice
1/15/2012 | 4:11:17 PM
re: Mobile Apps Quietly Steal Your Privacy
This all comes back to secure development. If user privacy and security is prioritized and better threat modeling is done than a lot of these issues would drop off significantly.
Brian Prince, InformationWeek/Dark Reading Comment Moderator
Tronman
50%
50%
Tronman,
User Rank: Apprentice
1/13/2012 | 6:05:41 PM
re: Mobile Apps Quietly Steal Your Privacy
Ever notice how "smart" phones make people stupid?
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll