News & Events

App Risk Management News

BYOD Security Issues

Published on April 17, 2014 SYS-CON

Security Chat with Domingo Guerra, president and co-founder of Appthority

I'd be curious to hear any general thoughts you have on market trends...

Guerra: According to Gartner, by 2015, the number of employees using mobile applications in the workplace will double. More organizations are adopting a Mobile First strategy, to support employees who are using the mobile device as their primary computer more and more. Employees are, on average, downloading 50-200 apps from the millions of apps in the global app ecosystem onto devices that are connecting to the corporate network. The cost and complexity of manually managing app risk policy functions is enormous, so there is a strong need for technology that can mitigate the risks apps bring into the enterprise.... Read More »

Tax Time Android Threats

Published on April 14, 2014

April 15th is the last day to file your taxes in the U.S. without an extension, and many of you probably forgot. I know, I've been there. Fortunately, there are lots of handy electronic helpers here to make paying up to Uncle Sam a little easier. Unfortunately, not all of them are equally secure. This week, Appthority examines three tax and finance apps that, while not malicious, have security issues that might make you think twice.... Read More »

Trojanized Android Apps Steal Authentication Tokens, put Accounts at Risk

Published on April 11, 2014

Using a custom-made trojanized Android app, the mobile experts at app risk management company Appthority have discovered a way to steal authentication tokens and gain access to the accounts of some of the most widely used services, including Google, Facebook, and Twitter.

It is easy too, Kevin Watkins, co-founder and CTO of Appthority, told on Thursday. Although in his tests he created a trojanized version of Flappy Bird to capitalize maliciously on the success of the no-longer-available game, he said any app can be used.... Read More »

That Hot Tinder Babe is a Malware-flinging ROBOT

Published on April 07, 2014 The Register

Hackers are abusing the popular Tinder dating app to spread malware and survey scams using bots and clever social-engineering trickery.

Bots are luring users with tempting profiles and pictures using pictures from an Arizona-based photography studio, according to net security firm BitDefender. Some of these images have also been purloined for fake Facebook profiles.

“After users swipe the right button on Tinder to indicate that they like a profile, the bots engage users in automated conversations until they convince them to click on a dubious link,” explained Catalin Cosoi, chief security strategist at Bitdefender. “The name of the URL gives the impression of an official page of the dating app and for extra legitimacy scammers also registered it on a reputable .com domain.”... Read More »

Medical Apps are Here to Stay: So How Do We Keep the Value and Lose the Risk?

Published on March 27, 2014 Electronic Health Reporter

Last year, 2013, was a big year for mobile applications, including medical and health-related apps. As many medical centers have sought to increase patient engagement, improve outcomes and reduce healthcare costs, digital tools, such as iPads, smartphones, online portals and text messaging in hospitals are rapidly becoming commonplace. Smart health tech has gotten serious. Patients and doctors alike use medical apps. Physicians can access symptom checkers, drug information, medical calculators and more via smartphone and tablet apps. ... Read More »

Are Mobile Banking Apps Safe?

Published on March 24, 2014

...We got straight to the point: Are banking apps unsafe?

“It’s a mixed bag,” says Guerra. “Some of the smaller banks and credit unions aren’t as secure. Sometimes, they just launch a mobile browser.” Larger banks have the resources and manpower to develop their own apps, and they can build tighter security into the technology, he says. “It’s not that they don’t know how to do it,” says Guerra of the smaller financial institutions, “but big banks can do it in-house.”... Read More »

Enterprise Mobile Application Risk Management

Published on March 21, 2014 Frost & Sullivan

Frost & Sullivan research confirms that the North American Enterprise Mobility market is on a growth trajectory. The number of organizations that consider mobility as a key business enabler continues to increase rapidly. However, managing the device is only the first step – it is equally important to manage the applications (or “apps”) on mobile devices that are used in a corporate environment. Mobile application reputation services – as the name indicates – analyze different mobile application attributes to determine the overall risky behavior and performance of mobile applications. This analysis can help organizations safeguard their networks and IT assets via mobile app risk management.... Read More »

Are iOS Apps Riskier Than Android Ones?

Published on March 17, 2014 PCMag

The battle between Android and iOS never ends. Whether it's the devices themselves or the goodies that come with them, people will always argue one over the other. Appthority decided to weigh in on this contest, pitting Android apps against iOS ones to assess both of the platforms' mobile app security.

Using the Appthority Mobile App Risk Management Service, the company looked at the top 400 apps offered from both Apple and Google and compared it to Appthority's 2013 summer findings. ... Read More »

Mobile Threat Monday: Nightmare Android App Steals Everything

Published on March 16, 2014

Since we began Mobile Threat Monday all the way back in June we've primarily focused on specific attacks and malware that are already in the wild. This week, we're doing something different as Appthority showcases a malicious app they cooked up in their labs. It's not in the wild, thank goodness, but it does demonstrate how much damage a carefully crafted and distributed malicious app could do.... Read More »

Mobile Apps Trade Safe Practices for Money

Published on March 12, 2014 eWeek

Ninety-five percent of the top free iOS and Android apps, which overwhelmingly use ad networks to generate cash, show at least one risky behavior. The vast majority of Android and iOS apps show risky behavior, mainly driven by third-party advertising networks, according to two reports on the mobile software ecosystem published this week.

In an analysis of the top 100 paid and top 100 free apps on both iOS and Android, security firm Appthority found that free apps continued to exhibit risky behavior more often than paid apps. Collectively, 95 percent of the top 200 free apps—100 on iOS and 100 on Android—performed at least one risky behavior, such as tracking location, sharing data with advertising networks or identifying the user or user's device, according to the company's Winter 2014 App Reputation Report. ... Read More »