With Deadline Looming, Appthority’s Enterprise Mobile Threat Research Shows Most Apps in the Enterprise Pose Potential Security Risks
SAN FRANCISCO –December 6, 2016– Appthority, the global leader in enterprise mobile threat protection, published research that looks at the impact of Apple’s upcoming App Transport Security (ATS) data encryption requirements on apps in the enterprise, set to commence on January 1, 2017. Appthority Enterprise Mobile Threat Researchers examined the top 200 iOS apps installed on enterprise devices worldwide to see how many are already using ATS, and how fully those apps have implemented it. Appthority found that only three percent of apps in today’s enterprise have implemented ATS with no exceptions.
Most #apps don’t meet @Apple’s Jan 1 #security mandate. Is enterprise #mobilesecurity at risk? @Appthority Research:http://bit.ly/2gZhhrq
“Although Apple’s ATS encryption requirements go into effect in just a few weeks, Appthority researchers found that the majority of apps in the enterprise don’t fully utilize the best practices encryption standard, which should be a concern to enterprises,” said Robbie Forkish, Vice President of Engineering at Appthority. “The new ATS mandate only applies to new submissions to the App Store, and Apple will be allowing exceptions to ATS, so, while the requirement should strengthen data security there will still be iOS apps not using data encryption in enterprise environments, even after January 1. For this reason, it’s incredibly important that businesses have visibility into, and management of, the risks related to apps with these exceptions, as they can put enterprise data at risk.”
Additional findings from Appthority’s Enterprise Mobile Threat Research show that:
- More than half of apps (55 percent) allow use of HTTP, instead of requiring HTTPS
- 83 percent of apps had ATS disabled for all network connections
- 26 percent of apps had ATS disabled at a global level, with specific exceptions set up for domains
Existing apps that don’t comply with the ATS mandate won’t be removed from the App Store but new apps and updates to existing apps must implement ATS by January 1 in order to be approved for the App Store. New app versions are typically released six or more times per year but, as the number of non-compliant apps rises, we could see a significant slowdown in feature rollouts and important app security patches. Enterprises will have to be continue to be vigilant about risky apps in their environments.
Appthority’s Mobile Threat Research on ATS was headed by a new member of the Appthority Enterprise Mobile Threat Team, Research Scientist Dr. Su Mon Kywe, a frequent publisher and speaker on mobile security. The report explains the technical requirements of ATS, the mechanisms Apple is providing for acceptable exceptions – those cases where ATS implementation is infeasible or unreasonably impacts performance – the reasons that some developers are not yet embracing ATS for their apps, and what ATS does and doesn’t do to help app security.
Appthority’s Enterprise Mobile Threat Research on ATS can be downloaded in full here.
Appthority, the global leader in enterprise mobile threat protection, delivers proactive visibility into mobile risk, rooted in the most comprehensive mobile application analysis available. Appthority’s extensive and ongoing threat intelligence eliminates mobile risk blind spots and combines the widest array of customizable policy and remediation options to tailor threat protection to the unique needs of individual enterprises. Customers benefit from Appthority’s mobile app as they extend the enterprise’s security perimeter to employees, ensuring everyone is knowledgeable about mobile risk and compliance, while helping to prevent risky apps from ever entering the ecosystem. With Appthority, security teams are informed, employees are productive and enterprise data is kept private and secure. Appthority is trusted by organizations needing the most effective threat protection at scale, including several of the Global Forbes 100 as well as top government agencies in the U.S. Europe and Asia.
For more information, please visit www.appthority.com.
Finn Partners for Appthority
Jenna Finn, 415-249-6777