Are apps on your employees’ phones putting company data at risk?

As the popularity of Apple’s iTunes and Google’s Play Store confirms, applications are a major part of mobile device usage. However, as they become more widespread and more powerful, apps can also create security challenges for BYOD policies. The apps that are downloaded to a device used for work could be accessing and/or sharing sensitive corporate information.

The Trouble with Policing Apps

There are millions of apps available now, and more are being created every day. Some of these applications are simple games, while others contain useful functions and information that could actually be quite valuable to the employee and the business.

The challenge is trying to determine with certainty if a particular app is going to keep your confidential information protected. There are many reputable apps out there that are very straightforward when it comes to asking for permission to access data. Others are not nearly as upfront about this question.

Even if you ask your employees within your BYOD network to read the application’s terms and conditions before downloading or allowing any permissions, this does not mean that your information will be safe. According to SC Magazine, many applications will use generic and/or deceptive language in their agreements, sometimes asking for permission to do one thing, but really doing another.

How Much Harm Can an App Do?

Even the most innocuous apps can potentially do significant harm to your business. These applications are often able to access a lot of data within your mobile device. They could have access to your contact lists, photos, email, calendar and many other files.

Many of these apps, unless they are shut down properly, will continually operate in the background, consistently accessing data and gradually draining the battery of the device.

What do the apps do with the information? Some will use your contact lists to promote the app to your friends and colleagues. This may be irritating and unprofessional, but is not particularly dangerous.

The digital security problems occur when the app developers pull information from your devices and sell this data to third parties, which are typically marketers and analytics companies. Allowing app developers or these third parties to access company information can potentially be very dangerous and costly for the business, its colleagues and its customers.

SC Magazine reports that free applications are more likely than paid apps to gather and sell your information. This is because the companies that develop these applications need alternative ways of generating revenue, and they use the sale of information instead of charging for the app itself.

Deceptive Strategies of Applications

Applications rely heavily on the use of various types of information collected by the device, and they will often use clever tactics to get around permissions issues.

For example, some applications will ask permission before accessing GPS location data. If you, or an employee within your BYOD network, deny the application this permission, the app may use other methods of tracking your location. The app may use GeoIP tracking or may use your wireless connection in order to gather this data.

Many users of applications do not realize the full extent of what they are agreeing to when they do provide permission to an application wishing to collect data. The app, and all third parties that operate within the app, are then able to extract information.

While BYOD policies are becoming very popular, they must be implemented carefully. The latest App Reputation Report stated that 79% of the most popular iOS and Android applications have some type of security or privacy issue. Employers creating BYOD policies should consult with digital forensics specialists to develop a strategy to address these risks.

If you have further questions about mobile security, please contact us today for an initial consultation or assessment.