SOURCE: Wandera

May 10, 2016 09:00 ET

Popular Business Apps Failing to Protect Personally Identifiable Information

Research From Wandera Reveals Severe Mobile App Security Shortcomings

SAN FRANCISCO, CA--(Marketwired - May 10, 2016) -  Wandera, the leader in mobile data security and management, today announced the findings of a comprehensive security assessment of the most popular business apps used on corporate mobile devices by enterprise customers across North America, U.K., Europe and Asia.

The ten apps analyzed in the report are very widely used around the world by enterprise employees and have been downloaded an estimated 1.4 billion times from the Google Play store. Within Apple's App Store, they fall within the top 0.05% of all published apps and are primarily classified in the business and productivity categories. The ten apps analyzed were put through an extensive security assessment, using the Open Web Application Security Project (OWASP) Mobile Security Risks as a foundation.

According to the OWASP test, the most common vulnerabilities impacting mobile apps are insecure data storage, insufficient transport layer protection, lack of binary protections and poor authorization and authentication.

"In our increasingly mobile world, enterprises need to gain complete visibility in order to maintain control of their mobile data, ensure compliance and prevent mobile security threats," comments Eldar Tuvey, CEO of Wandera. "Security is an essential concern when it comes to mobile app development and it should not be sacrificed for the sake of speed and convenience."

Key findings from the report include:

  • 10 out of the 10 apps are vulnerable to at least three of the OWASP Top 10 Mobile Risks, including the two most fundamental issues: data storage security and data transport security.
  • 10 out of the 10 apps contain at least five of the 28 weaknesses tested and fail to use secure data storage to protect Personally Identifiable Information.
  • 9 out of the 10 apps do not use Certificate Pinning at all, and are therefore vulnerable to Man-in-the-Middle attacks (the single application that does use this protection mechanism fails to implement it properly).
  • 8 out of the 10 apps allow the use of weak passwords and 3 out of 10 apps allow the use of weak encryption.

Perhaps most notably, the survey results reveal that enterprises should not overlook the fact that corporate data resides in mobile apps making mobile security a critical concern. To improve mobile security, IT departments need to implement third party safety nets around applications and address data security holistically. It is essential that developers utilize a secure development process and thoroughly test code before releasing it to users.

The full report, "Assessing the Security of 10 Top Enterprise Apps" is available for download here.

About Wandera
Wandera is the leader in mobile data security and management, protecting enterprises with real-time threat prevention, compliance and data cost management. Wandera's multi-level architecture, which includes a pioneering cloud gateway for mobile, offers unrivalled visibility and control. With the industry's largest mobile dataset, Wandera analyzes billions of daily inputs across its network in real-time to detect emerging mobile attacks and protect sensitive company data. Founded in 2012, Wandera is headquartered in San Francisco and London. For more information visit the website www.wandera.com

Contact Information