By Not Reviewing Mobile App Policies, Users Put Themselves at Risk

    The other day, I downloaded an app that I know will make a particular task much easier. I also downloaded an app that will allow me to follow my favorite baseball team when I’m not at home. Mobile apps have become such a regular part of my life, both personal and professional, that I’ve come to take them for granted. I’m sure I’m not alone in this.

    But in doing so, I could be putting myself, the networks I connect to, and the data I access or store on those devices at huge risk. Realistically, I know that, but a new study from RiskIQ confirmed that we are regularly jeopardizing our devices, our data, and our identities in order to meet our insatiable demand for mobile apps.

    The report found that not quite half (47 percent) of us will sometimes review the permissions and privacy policy of an app before downloading, while 36 percent don’t bother to review before downloading at all. I admit that the 47 percent number sounded a bit high to me, while the 36 percent was on the low side. (Full disclosure, until recently I probably would have fallen into the never check category because I was more interested in what the app could do for me, not what it could do to me. One of my 2017 resolutions, however, is to be more aware of what’s on my phone, and I’ve skipped apps because of their permissions policies.)

    The statistic that surprised me most was the 66 percent who admit they click on the ads promoting a certain app and the 60 percent who have downloaded an app from outside the trusted app marketplace (from an email or social media link, for instance). We’ve had it pounded into our heads for years about the risks involved in these areas, and yet, we continue to ignore the risks and take our chances.

    The RiskIQ study focused on consumer use of mobile apps and consumer security, and in response to that, Scott Gordon, chief marketing officer at RiskIQ, said this in a formal statement:

    Unlike businesses that have become increasingly cyber security savvy, many consumers remain vulnerable in an ever sophisticated threat landscape. With the volume of personal information being requested and shared through mobile applications, it is time for consumers to improve their online behavior and step up security awareness.

    I continue to see conversations that separate consumer from business when it comes to security, and I don’t think we can do that anymore. First of all, BYOD plays too big a role in the workplace, and the lines between corporate and consumer use are too blurred. Secondly, I’m no longer buying the argument that consumers aren’t security aware. If business is doing its job of educating employees on security behaviors, why isn’t that carrying over to the personal side? I agree with Gordon that it’s time for consumers to improve their online behavior and security awareness, but I’ll add that it is time for consumers to take what they’ve learned on the job and apply it everywhere.

    What are you doing to promote mobile app security awareness in your organization and how do you carry that over to BYOD?

    Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba

    Sue Poremba
    Sue Poremba
    Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.

    Latest Articles