Appthority, the global leader in enterprise mobile threat protection, today released its Enterprise Mobile Security Pulse Report for Q2 2018, which is based on millions of ongoing mobile security scans Appthority performs for its enterprise customers. The new quarterly research provides the mobile apps most often found in the enterprise and their Mobile Threat Risk Scores, the top mobile apps blacklisted by enterprises, and the top mobile malware connections by country.
For iOS devices, WhatsApp Messenger, Facebook Messenger, and traffic and navigation service Waze topped the list as the riskiest apps most often found in the enterprise based on the Appthority Mobile Threat Risk Score, which measures the highest risk from tens of millions of data points based on deep app analysis. For Android, the riskiest and most often found apps were WhatsApp Messenger, Facebook Messenger and Telegram, an instant messaging and voice over IP service. Both Waze and Telegram were new to the list from the previous quarter.
Chat apps from Facebook and WhatsApp, in particular, were notable for several reasons. WhatsApp Messenger is not only among the top 5 most popular apps on either platform – 3rd most popular on iOS and 5th most on Android – but it has a relatively high risk score of 7 out of 10 in the data leakage range on both platforms. This score means the app accesses and/or sends enterprise related or identifiable information. While Facebook Messenger is slightly less popular in enterprises, it shares the same risk score and, like WhatsApp Messenger, is also in the top five apps blacklisted on either platform by enterprises.
“Our latest Enterprise Mobile Security Pulse Report confirms enterprise exposure to risks from excessive data gathering and sharing by commonly used social and communications apps,” said Seth Hardy, Appthority Director of Security Research. “By shining a light on the apps and risks commonly found and blacklisted in enterprises, our goal is to help security teams better secure their data and employees and make more informed security decisions.”
The top apps blacklisted by enterprises are also featured in the report. Enterprises blacklist apps for a variety of security concerns including specific malicious or data leakage behaviors, security policy compliance, and concerns about data handling. This quarter, the top app categories blacklisted by enterprises were messaging, social networking and dating apps. The top three blacklisted apps by OS were Facebook Messenger, Wickr Me, and WhatsApp Messenger for Android; and Facebook Messenger, WhatsApp Messenger, and Tinder for iOS.
The majority of the top blacklisted apps were flagged for data leakage, such as sending address book and SMS data, as well as for other vulnerabilities and suspicious behaviors, such as disabling default HTTPS encryption and using JSPatch for hot patching, a feature which has been banned in the App Store.
Another top enterprise security concern is the countries to which mobile data is being sent, particularly where malware may be sharing data. The Pulse report also reveals the most common destination countries for mobile malware and the reputation of the connections by country.
This quarter, the U.S., China and Germany are top destinations for Android and iOS malware despite these countries having average reputation scores in the Trustworthy and Low Risk range. The Netherlands had the highest percentage of connections in the High Risk range (3%) followed by China and Hong Kong, at 2% respectively.
The complete list of the top 100 apps in enterprises (50 iOS and 50 Android), along with their associated risk scores, can be found in the full Enterprise Mobile Security Pulse Report for Q2 2018. To access other research reports from Appthority, please visit www.appthority.com/resources/#research.
Appthority is a pioneer in enterprise mobile security and the leader in the Mobile Threat Defense category. The comprehensive Appthority Mobile Threat Protection (MTP) solution helps customers keep their data private and secure from mobile device, app and network threats. More Fortune 1000 companies trust Appthority to secure their enterprises from mobile threats because Appthority delivers best-in-class mobile threat protection and unparalleled enterprise visibility and control of mobile risks. With Appthority, security teams are informed, employees are productive and enterprise data is kept private and secure. Visit www.appthority.com for more information.