Two application store problems were noted this week. The two aren’t deeply connected — except for the fact that they reinforce the need for businesses to at least consider moving to their own enterprise app store.
One of the issues is a Russian app called Find and Call that is a problem for both iOS and Android. The app bills itself as an address book organization tool. In reality, according to the eWeek story, the app is said by Kaspersky Labs to upload the host phone’s address book to a remote server where, presumably, all sorts of nasty things happen. The story says that the maker of the app reportedly says that the problem is a bug it is fixing.
Ars Technica suggested that Find and Call is significant:
Find and Call can no longer be found on the iOS App Store on our end, though Kaspersky (and several other publications) claim it's still searchable for some users. The discovery is significant because it's the first time a truly malicious app has made its way through Apple's approval process. (Kaspersky points out that the malware in the Google Play Android store is "nothing new"). An app that exploited an iOS security flaw did make it through Apple's approval process once before, but it was a proof-of-concept app written by renowned security researcher Charlie Miller.
The other problem was internal to Apple’s App Store. What InformationWeek reports is an issue related to how application files are processed that has led to more than 100 recently updated apps crashing when launched. This apparently was not the result of malware, and TechCruch reported on July 5 that Apple is working on the problem.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
The big picture here is that enterprises need to be very careful about the public application markets. It of course is impossible to keep employees out of them. Some workers will download apps that enhance their productivity. Companies that support bring-your-own-device (BYOD) platforms will also be exposed to purely consumer apps.
To the extent possible, however, companies should consider migrating to enterprise app stores. They potentially are more secure — for no other reason than they are smaller — and more geared toward corporate users. CIO offers five pieces of advice in the form of mistakes to avoid. These involve creating a good user interface, paying attention to security, working to integrate social media into the mix, making sure that feedback can be gathered easily and enabling users to find what they need quickly.
It’s been said for some time that app stores are the next frontier in security. For that reason alone, enterprises should move as much as possible to enterprise marketplaces. The good news is that there are a number of other benefits as well.