New Appthority Report Finds Tens of Thousands of Ad-Supported Apps Are Collecting Excessive Data

Media Release: Appthority, the global leader in enterprise mobile threat protection, today released a new report that analyzed iOS apps in corporate environments and found that more than 24,000 ad-supported apps are hiding their excessive data collection in plain sight, putting mobile users and enterprises at risk.

These apps, which openly acknowledge requesting various types of user data for advertising purposes, were found in more than 70% of enterprise environments. However, this is just the tip of the iceberg as there is a much larger number of apps lurking in the enterprise that collect user data such as calendar, Bluetooth and photos—and are not upfront about their intentions.

Of the more than 2 million iOS apps scanned by Appthority, the 24,000 flagged were just the ones that openly ask users for access permission to deeper device functionality for advertising purposes. In fact, over 98% of enterprises have apps in their environments that display ads. These results suggest that data leakage from ad-supported apps is a much bigger problem than most enterprises realize.

“As a pioneer in the mobile security space, Appthority has long known that advertising within apps like Facebook is common and comes with risks, such as the leaking of users’ Personally Identifiable Information (PII),” said Seth Hardy at Appthority. “However, the Cambridge Analytica exposure made us wonder how many of these apps are directly accessing and using personal information for advertising.”

The reality is that apps that access data for advertising pose additional risks to enterprises and users compared to apps that access data solely for in-app functions. For example, ad-supported apps typically include third-party advertising libraries, which are not managed by the original app that employees trust and install. Therefore, information accessed by these advertising providers is usually not monitored or regulated by the original apps, users or by enterprises.

What’s more, ad-supported apps often access data without any real functional justification. When accessing data, mobile apps have to state a reason for wanting the access. Accessing data for in-app functions is a justifiable reason, but the iOS apps found were accessing data specifically for advertising purposes. This practice poses an important question about data access in enterprise environments: does the benefit of using the app outweigh the cost of losing control of user or enterprise data?

Because the app economy is heavily supported by ads, eliminating all apps that collect and use data for advertising from a device or enterprise environment is often not possible. But, the report also provides recommendations to users and enterprises to safeguard their data including, among others, being selective about granting permission to access data and deploying a Mobile Threat Defense solution to ensure visibility into and remediation of ad-supported and other app risks.

Register to download the full report here.