This past week marked the launch of our summer 2014 edition of the Appthority App Reputation Report. We analyzed 400 of the most popular iOS and Android apps for hidden security and privacy risks, compared free vs. paid apps, the relative security of iOS vs. Android, and also identified the Top 10 Risky Behaviors that threaten the enterprise.
We found that these risky app behaviors primarily fall into two categories: sensitive data being captured and sensitive data being shared. Overall, 99% of the most popular free iOS and Android apps exhibit at least one of the Top 10 Risky behaviors.
Below are some more highlights:
- 78% of the top Android paid apps had at least one of the Top 10 Risky Behaviors
- 87% of the top iOS paid apps had at least one of the Top 10 Risky Behaviors
- 82% of the top free Android and 50% of the top free iOS apps allow location tracking
- 88% of the top free Android and 65% of paid Android apps access the user’s ID (UDID) compared to 57% of the top free iOS and 28% of paid iOS apps
- 71% of the top free Android apps share data with ad networks up from 58% of the top free Android apps earlier this year
- 58% of the top free Android apps and 55% of the top free iOS apps allow for in-app purchases
- 31% of the top free Android apps connect to cloud file storage, compared to 16% of free iOS apps
In addition, the summer 2014 Appthority App Reputation Report found 85 different developers behind the top 100 iOS and Android apps.
The massive number of diverse developers highlights a growing IT management problem as companies struggle to adapt to a much more dynamic software environment. Previously, software used in the enterprise came from a few trusted developers and enabled easy white-listing, but that is no longer possible as sensitive data is frequently up-for-grabs for third parties to mis-use.
There was some good news. We found very few of the apps included malware. In fact, mobile malware infects only .4% of mobile apps in the enterprise and 0% of the apps found in the top 400. This directly conflicts the prevailing narratives around mobile app security.
Thoughts or comments on our new App Reputation Report? Reach the Appthority team on Twitter at @Appthority.