Want to know a primary reason why CIOs and other IT professionals worry about the rise of personal smartphones and tablets being used on the company network? Arxan Technologies’ second annual State of Security in the App Economy report provides a good answer: 78 percent of the most popular Android and iOS apps were hacked. And as eSecurity Planet added:
100 percent of the top paid Android apps and 56 percent of the top 100 paid iOS apps were found to be compromised.
If you prefer to download free apps, the numbers are actually lower: 73 percent of free Android apps and 53 percent of free iOS apps were compromised. So, I guess being cheap pays off. The other bit of good news is that the report found that the number of compromised apps has actually fallen from 2012 to 2013.
In the article, Arxan Technologies CTO Kevin Morgan said:
"The widespread use of 'cracked' apps represents a real and present danger given the explosion of smartphone and tablet use in the workplace and home. Not only is IP theft costing software stakeholders millions of dollars every year, but unprotected apps are vulnerable to tampering: either through installed malware or through decompiling and reverse engineering—enabling hackers to analyze code and target core security or business logic that is protecting or enabling access to sensitive corporate data."
Security experts say that one of the greatest concerns with BYOD is downloading apps. No consensus has been reached on how to oversee what employees add to their personal devices, or whether the IT department should have any say in the matter at all. Add to that the lack of security on consumer devices in general, and, well, you can see why mobile apps are a serious security concern.
Interestingly enough, in an email to me with his security predictions, Art Coviello, executive chairman of RSA, said he believes 2014 will be the tipping point of mobile malware. Coviello said:
As businesses provide greater mobile access to critical business applications and sensitive data and consumers increasingly adopt mobile banking, it is easy to see that mobile malware will rapidly grow in sophistication and ubiquity in 2014. We’ve already seen a strong uptick in both over the past few months and expect this is just the beginning of a huge wave. We will see some high-profile mobile breaches before companies and consumers realize the risk and take appropriate steps to mitigate it.
Will it take a major mobile breach for people to better understand the risks found in apps? I guess we’ll see.