These apps, among others, apparently pose a serious threat to business security.
WhatsApp Messenger, WinZip, and Where’s My Droid Pro have made the list for the most blacklisted iOS and Android apps in enterprise environments.
On Tuesday, mobile security firm Appthority launched the latest Enterprise Mobile Security Pulse Report, a glimpse into how enterprise players tackle mobile security and network threats by banning apps considered to be a threat from accessing corporate resources and platforms.
Corporations can blacklist mobile applications for a variety of reasons. Known security holes and vulnerabilities or ways for confidential information to be leaked, a lack of secure communication and encryption, and links to threat actors or countries known for spying campaigns can all be reasons for barring an app on corporate devices, alongside compliance issues.
However, in the age of bring your own device (BYOD) schemes and corporately owned, personally enabled (COPE) platforms, it is not always possible to prevent app installation, but IT admins can at least prevent these applications from connecting to their networks.
According to Appthority, in Q3 2017, WhatsApp Messenger, Pokémon GO, and WinZip were the top blacklisted apps for iOS, together with CamScanner. Poot-debug(W100).apk, an Android System Theme, Where’s My Droid Pro, and weather software were the apps most likely to be banned on Android devices.
The report suggests that Android apps were usually blacklisted because malware was detected, and iOS apps were most likely to be banned due to data leakage risks, sending SMS messages — not necessarily with consent — or transferring data including GPS locations and sensitive information without encryption.
As a whole, tools for Android devices were banned most often, while social media and communication apps for iOS are treated with suspicion.
Appthority says that based on “mobile risk scores” related to vulnerabilities and the risk of data leaks, Uber, WhatsApp Messenger and Facebook Messenger are the riskiest Android apps commonly found in enterprise environments.
Facebook, Pandora, and Yelp on the iOS platform are the most likely to cause a security breach.
“Enterprise security teams need to understand which mobile apps are being used, the risks they bring, and how their peers are utilizing mobile threat policies to more effectively secure corporate data,” said Domingo Guerra, president of Appthority. “With BYOD and COPE, many commonly used app-store approved apps are making their way into enterprises and posing risks to sensitive corporate data.”
Read the original article on ZD Net here.