In our first two posts in this series, we discussed the challenges of Android in the enterprise and provided tips to help secure Android to enable its adoption. In this post, we’ll dive into the potential threats and risky behaviors of mobile apps for Android.
Mobile devices and apps are no longer an option for the enterprise, but a necessity. They help employees become more productive in this increasingly mobile world. Unfortunately, in this on-demand app environment, many employees simply won’t wait for company issued tools. Instead, they find and use business apps on their own.
The result? IT has virtually no control and visibility over what apps are accessing corporate data, where the apps are downloaded from or what risks these apps may pose the enterprise. Industry analyst, Gartner, claims that 75% of all mobile apps will fail basic security tests. This is an alarming percentage, given the growing number of employees downloading and using the apps of their choice to access enterprise data and networks.
The mobile app risk is especially acute for Android. Due to the open nature of Android, apps can be downloaded from countless sources, such as Google Play, third-party app stores and even users sideloading apps to their phones. IT simply cannot track the validity and safety of all of these apps.
Symantec has developed unique and dynamic app intelligence by analyzing over 15 million apps across 200+ app stores, including Google Play. We’ve identified that more than 20% of these apps are malicious. While malware is a growing concern, as Android takes more of the market share; another, larger concern is focused on the behavior of the apps themselves. These risky app behaviors include:
- Tracking users. Mobile spy apps track activity on a mobile device. They collect texts and call logs, monitor GPS coordinates, record calls, and grab photos and videos. The volume of user-tracking incidents increased in 2013 from 15 percent to 30 percent, indicating that this type of user data is becoming more commercially valuable to hackers.
- Stealing information. Some apps collect device-specific and user-specific data, such as device information, configuration data, and personal and enterprise content.
- Reconfiguring devices. These apps elevate privileges or modify settings in a device’s operating system, which can open the door to attackers.
- Piggybacking on accounts. Many apps cost organizations money by using mobile accounts to send text messages, make phone calls, or consume data.
- Compromising two-factor authentication. Some apps intercept text messages carrying one-time login codes, enabling hackers to gain unauthorized access to user accounts.
- Leveraging mobile OS vulnerabilities. The recent Android Fake ID vulnerability enabled hackers to steal personal information such as passwords and financial data from Android users via an app that used phony security credentials to access other apps on a user’s device.
Symantec’s exclusive technology, Norton Mobile Insight and Norton Community Watch, can help protect the organization from these mobile threats. By performing real-time static and dynamic analysis combined with machine learning, Norton Mobile Insight understands an apps behavior and the risks involved in keeping an app on a device. Norton Community Watch is a vibrant network of millions of users who allow Symantec to collect anonymous metadata, performance data and previously unseen apps on their devices (25% of the apps analyzed were not distributed via apps stores).
This data and analysis combined with robust policy controls in Symantec Mobility: Suite help protect the enterprise against data leaks via apps, malicious apps, so IT administrators can have one less challenge to deal with while trying to adopt Android into their workforce.