Appthority released its Q3 2016 Enterprise Mobile Threat Update today, which focuses on recent changes in the mobile threat landscape that pose direct threats to the enterprise.
As in our Q2 report, we found that new threats continue to surface and app store reviews continue to fall short of meeting enterprise security standards. However, we note some progress with the new, more granular Android permissions model and suggest ways to further enhance those modest security gains.
In this Update, the Appthority Enterprise Mobile Threat Team:
- Reviews two major vulnerability types surfacing in Android apps – autorooting and overlay malware
- Presents some analysis on whether Apple’s faster app review times coincided with the spate of vulnerabilities that plagued the Apple App Store starting last summer
- Assesses the new Android permissions model to see if apps are getting safer with its more granular runtime permissions
- Godless, LevelDropper, and Overlay recently surfaced in the Google Play Store, all in the month of June. These new strains of vulnerabilities can have adverse effects on the enterprise, including decreased employee productivity and weakened data security.
- Faster Apple app review times have not been accompanied by enhanced security vetting. Apps with malware and serious security vulnerabilities continue to surface in the Apple App Store as well as the Google Play Store.
- Although the new permission model in Android’s Marshmallow OS is progress for app safety, there is more that can be done to help users protect their privacy and their data.
To protect your enterprise mobile environment from new threats and apps that don’t fully comply with your security policies, we recommend taking the following measures:
- Implement a mobile protection solution that detects malicious behavior in apps already in your environment, eliminates suspicious apps and brings infected and rooted or jailbroken devices into compliance.
- Ensure employees have a security app installed so that they are aware of malicious and suspicious apps and are proactively alerted not to install them.
- Educate employees about the dangers of installing apps outside of official app stores. Although security is not perfect, it is far safer to obtain apps through the official stores than via third-party stores.
- Encourage employees to upgrade to the latest OS possible for their devices. Each OS update contains significant security improvements which protect against known malware and other vulnerabilities.
For more information, download this quarter’s update here.