Proofpoint researchers recently analyzed a wide variety of apps available on iOS and Android app stores and quantified the extent of the risk to users… and their personal and company data
December 2015 by Proofpoint
The study reveals that from card games , flashlights, holy books, some apps steal data, track users’ location, message contacts, and make unauthorized calls.
Please find below the main information of the study
• Proofpoint researchers recently analyzed 38,000 gambling, flashlight and holy book mobile applications and found that appearances can’t always be trusted. An alarming number are stealing data, tracking users’ locations, accessing contacts and even making unauthorized calls.
• Of the 23,000 free gambling applications examined, nearly 14 percent exhibited risky behavior including conducting an alarming amount of external server communication. In total, more than 1,800 servers across 41 countries are receiving user data.
• Bible applications had the highest rate of malicious code than any other category in this research with 3.7 percent or 26 out of 5,600 applications. Proofpoint defines malicious code as code that attempts to exploit the mobile OS in order to access data and services for which they do not have permission.
• Proofpoint analysis found that one of the most popular Bible apps sends data to sixteen servers in three different countries. It reads the user’s SMS messages, address book, and device and phone information, tries to exploit cross-app interaction if the device is rooted, and can even make phone calls on your behalf.
• Similar analysis was conducted on Quran applications and researchers found one of the ten most-downloaded apps is clearly riskware. It installs itself as a boot-time app and communicates to thirty-one different servers, reads SMS messages, sends messages from the user and can look up the user’s GPS location.
• Something as seemingly utilitarian as a flashlight application can even host malicious code and communicate user data to app owners. Of the 5,600 applications examined, more than 678 servers across 28 countries are actively receiving data on from these apps.
• The existence – and surprising prevalence – of riskware in seemingly legitimate apps is a valuable reminder that organizations need a mobile app security strategy. Organizations should define policies and deploy solutions that enable them to identify and control these apps before they can impact security posture.