Media Coverage Archive

Thursday | December 8, 2016

EnterpriseAppsTech | By James Bourne – Apple is making a series of security changes for the new year – yet according to new research from Appthority, only 3% of enterprise apps are fully compliant with the new security mandate.

(c) Lemola

The research, which examined the top 200 iOS apps installed on enterprise devices worldwide, showed a relatively meagre proportion of apps which fully meet App Transport Security (ATS) data encryption requirements.

More than half (55%) of apps allow use of HTTP, instead of requiring HTTPS – another important aspect to Apple’s new mandate – while 83% of apps analysed had ATS disabled for all network connections, and more than a quarter (26%) had ATS disabled at a global level.

“Although Apple’s ATS encryption requirements go into effect in just a few weeks, Appthority researchers found that the majority of apps in the enterprise don’t fully utilise the best practices encryption standard, which should be a concern to enterprises,” said Robbie Forkish, vice president of engineering at Appthority in a statement.

“The new ATS mandate only applies to new submissions to the App Store, and Apple will be allowing exceptions to ATS, so, while the requirement should strengthen data security there will still be iOS apps not using data encryption in enterprise environments, even after January 1.

“For this reason, it’s incredibly important that businesses have visibility into, and management of, the risks related to apps with these exceptions, as they can put enterprise data at risk,” added Forkish.

Appthority’s analysis on the enterprise mobile space continues to cut through the hype and give a realistic view. Back in August, a report argued that the rise of Android vulnerabilities means there are three issues enterprises need to look at; employee productivity, data security, and app store vetting.

You can find out more about the report here.

Read the original article in EnterpriseApps Tech News here.