Businesses beware: mobile apps pose privacy threats

With smartphone use becoming all but ubiquitous in Australian enterprises, it should be cause for alarm that one in three apps access personal information, yet most Australians aren’t concerned about mobile threats.

Research from Norton by Symantec suggests that nearly a third of Android apps regularly access SIM card information such as address book details, mobile PIN numbers and call history. Furthermore, nearly 13% access and send a user’s phone number.

Apps regularly access personally identifying information including usernames, passwords, calendar details, call log information and even pictures and text messages, Symantec Head of Norton for Pacific Region Mark Gorrie said.

“In today’s connected world, mobile devices are more than mini computers in our pockets - they are digital warehouses storing our most personal moments and information, such as photos and videos, conversations with friends and family, health and fitness information, financial data and more,” he said.

“However, most consumers unknowingly - sometimes even willingly - put personal information which resides on their mobile phones at risk, compromising their privacy.”

A survey of Australian mobile consumers finds that 53% do not worry about getting a virus on their smartphone, and nearly one in three admit that they don’t know what information they’re agreeing to share when downloading an app.

This puts Australian respondents significantly behind the global average when it comes to concerns about mobile security risks - only 37% of respondents worldwide were not worried about mobile viruses.

More than one in three Australian smartphone users would readily give up their location information in exchange for downloading a free app.

Conversely, some 70% of Australian respondents report being concerned about protecting their financial information and 68% are worried about securing their usernames and passwords.

Adobe said the results suggest that smartphone users are their own worst enemies when it comes to mobile privacy. The implications for enterprises in the BYOD era are significant.

Mobile users worldwide are also often ignorant of the power of mobile apps to access information from the handset. Nearly half are unaware of an app’s ability to access location information, and a third are not aware that apps can modify browser bookmarks, access the phone’s camera and microphone, or send photos to the app developer.

“Central to this issue is consumers who fail to read end-user licence agreements (EULA) or don’t necessarily understand what they’re agreeing to before downloading mobile apps,” Gorrie said. “Many users fail to understand how they may be compromising their own privacy when accepting app permissions.”

Norton estimates that there were around 3 million malicious mobile apps in the wild by October 2014. A further 8 million apps were vulnerable to privacy leaks or annoying behaviours.

Known mobile malware families meanwhile increased 69% from 2012 to 2013, and known mobile malware samples grew nearly fourfold over the same period.

To guard against these threats, the company recommends that mobile users install security software on their devices and ensure they only download apps from trusted markets. Enterprises can consider stricter controls such as mobile device management solutions.

Image courtesy of Martin McKeay under CC