Today Appthority released its Q2 2016 Enterprise Mobile Threat Report which shows a changing landscape with respect to two big players in enterprise mobility Specifically, we looked at the state of security in the Apple App Store and at a new initiative from Google, Android for Work.
As in our Q1 Enterprise Mobile Threat Report, we found the once safe Apple Store continues to be compromised with new breaches, bringing an end to the era of absolute trust in iOS and the protection of the App Store vetting process. We provide details on the latest iOS breaches, JSPatch and AceDeciever.
Meanwhile Google, seeing the need to enhance Android security in order to expand share in the enterprise, is taking steps to improve its security posture with a new enterprise toolset. We offer a review of Android for Work, assessing its comprehensiveness in addressing Android security for enterprises.
Apple App Store Remains Insecure
- JS Patch and AceDeciever are just the latest breaches showing why the Apple App Store can no longer be considered immune to security vulnerabilities
- 1 out of every 153 enterprise mobile devices, had at least one app containing the JSPatch framework
- The AceDeceiver trojan app, available in the App Store for over two months, was mostly seen in China but was also found on enterprise devices in North America and Europe
- Enterprises need to take extra precautions to protect devices, data and privacy
Android for Work Improves Android Security Posture in the Enterprise
- Work and Personal Profiles separate work and personal apps and data
- VPN and device security options bolster data and device security
- Verify Apps feature, when enabled, addresses malware, but not total app risk
- App reputation or app risk management still required for visibility into which apps are safe
Dead Apps Still An Open Issue
- Neither Apple nor Google app stores notify users when apps have been removed for security reasons so risky “Dead Apps” remain on employee devices
- Android OS update frequency is still lagging, increasing security risks
- Only 4.6% of Android devices have Marshmallow installed six months after its release. iOS 9 was on 75% of devices within 4 months.
The full report is available for download here.