Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Employee Holiday Gift Shopping on Company-Issued & "BYOD" Devices Could Create Data Security Risks for Enterprises

December 2015 by Flexera Software

Flexera Software released a new enterprise Application Readiness report detailing potential risks to enterprises whose employees use popular Apple iOS apps (downloadable from the public App Store) to conduct holiday shopping on company-issued or "Bring Your Own Device" (BYOD) phones.

The report found, among other things, that of the 26 popular Apple iOS shopping apps tested:

• 92 percent - all except for Banana Republic and Trunk Club - are capable of accessing an Apple iOS device’s GPS location tracking service.

• 69 percent, including Amazon, Disney Store, eBay, Groupon, Macy’s, Nordstrom, REI, Shutterfly, Starbucks and Target, are capable of accessing an Apple iOS device’s social media apps.

• 65 percent, including Amazon, Best Buy, Disney Store, eBay, Macy’s, REI, Starbucks, Target and Walmart are able to gain access to an iOS device’s address book.

• 58 percent, including Amazon, eBay, Etsy, Groupon, Macy’s, Nordstrom, Shutterfly and Walmart are able to gain access to the iOS device’s SMS messaging features.

The ability of employee-downloaded apps to access sensitive corporate data and device functions could present a potential risk to enterprises and violate their BYOD policies. Examples of these risks are playing out in the headlines, including the instance of a popular flashlight app that transmitted user locations and device identifiers to ad networks; or a mobile device game app that, unbeknownst to a Federal employee playing it, tweeted out an embarrassing message to the EPA’s 52,000 Twitter followers (the organisation’s Twitter account, not the employee’s, was tied to the device).

To compile the report, Flexera Software identified 26 popular shopping apps,[1] representing a small sampling of the thousands of shopping apps that can be found in the Apple App Store and that could easily be downloaded by employees to a corporate-issued or BYOD device. These apps were tested using AdminStudio Mobile, an Application Readiness solution that helps organisations identify, manage, track and report on mobile apps, simplify mobile application management, reduce mobile app risk and address the rapidly growing demand for mobile apps in the enterprise.

"Most organisations have standardised Application Readiness processes to test enterprise apps for potential deployment problems and risks, but when it comes to understanding and testing mobile apps, we’re still in ‘the wild west.’ IT Operations teams largely do not understand what mobile apps do and what functionality and data they can access - and this makes it extremely difficult to create and enforce effective BYOD policies," said Maureen Polte, Vice President of Product Management at Flexera Software. "If employees are using corporate or BYOD devices for holiday shopping, it’s critical that IT Operations and security professionals understand which apps employees are using, what features, functions and data those apps can access - and whether that use is in compliance with the organisation’s BYOD policy."


[1] The apps tested were: Amazon, BestBuy, Banana Republic, Disney Store, eBay, Etsy, Express, Gap, Groupon, Ikea, LivingSocial, Macy’s, Nordstom, PriceJump, RedLaser, REI, RetailMeNot, Rue La La, Shop Advisor, Shop Savvy, ShopStyle, ShutterFly, Starbucks, Target, Trunk Club, Walmart


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts