Enterprise Apps Tech | By James Bourne – A new report from mobile security provider Appthority concludes the mobile threat landscape continues to evolve and singles out three recent vulnerabilities in the Play Store which could be a serious issue for enterprises.
The report, the firm’s latest quarterly Enterprise Mobile Threat Update, examines Godless, LevelDropper, and Overlay. Godless, discovered by Trend Micro researchers, potentially affects almost 90% of Android devices, and is able to silently install apps on Android devices having rooted and infected it. LevelDropper, discovered by Lookout, has a similar theme, while Overlay is a name given to a variety of apps which mimic the look and feel of a target app and aims to steal credentials for mobile banking and messaging apps.
Appthority argues the rise of these vulnerabilities means three issues enterprises need to look at; employee productivity, data security, and app store vetting. “The promise of increased productivity via mobility is undermined by rooting malware,” the report notes. “Efforts to uninstall the apps only to have them reappear is a frustrating distraction that needlessly takes attention away from more productive activities.”
With this in mind, the researchers examined whether Android’s new permission model – “dangerous permissions”, announced with the Marshmallow OS update – is making apps safer or not. Going through Appthority’s app database, almost half of the 24 permissions labelled ‘dangerous’ saw a net reduction with the new model – something that the company describes as “progress for app safety”, although they add there is more to be done. Developers should always state why a certain permission is being requested, including an explanation of how the app would make use of the information to improve things, the researchers argue.
You can find out more about the report here.
Read the original article in Enteprise Apps Tech here.