These apps, which openly acknowledge requesting various types of user data for advertising purposes, were found in more than 70% of enterprise environments. However, this is just the tip of the iceberg as there is a much larger number of apps lurking in the enterprise that collect user data such as calendar, Bluetooth and photos—and are not upfront about their intentions.

Of the more than 2 million iOS apps scanned by Appthority, the 24,000 flagged were just the ones that openly ask users for access permission to deeper device functionality for advertising purposes. In fact, over 98% of enterprises have apps in their environments that display ads. These results suggest that data leakage from ad-supported apps is a much bigger problem than most enterprises realize.

“As a pioneer in the mobile security space, Appthority has long known that advertising within apps like Facebook is common and comes with risks, such as the leaking of users’ Personally Identifiable Information (PII),” said Seth Hardy at Appthority. “However, the Cambridge Analytica exposure made us wonder how many of these apps are directly accessing and using personal information for advertising.”

The reality is that apps that access data for advertising pose additional risks to enterprises and users compared to apps that access data solely for in-app functions. For example, ad-supported apps typically include third-party advertising libraries, which are not managed by the original app that employees trust and install. Therefore, information accessed by these advertising providers is usually not monitored or regulated by the original apps, users or by enterprises.

What’s more, ad-supported apps often access data without any real functional justification. When accessing data, mobile apps have to state a reason for wanting the access. Accessing data for in-app functions is a justifiable reason, but the iOS apps found were accessing data specifically for advertising purposes. This practice poses an important question about data access in enterprise environments: does the benefit of using the app outweigh the cost of losing control of user or enterprise data?

Because the app economy is heavily supported by ads, eliminating all apps that collect and use data for advertising from a device or enterprise environment is often not possible. But, the report also provides recommendations to users and enterprises to safeguard their data including, among others, being selective about granting permission to access data and deploying a Mobile Threat Defense solution to ensure visibility into and remediation of ad-supported and other app risks.

Register to download the full report here.

The post New Appthority Report Finds Tens of Thousands of Ad-Supported Apps Are Collecting Excessive Data appeared first on Mobile Marketing Watch.

As a formidable leader in app risk management, Appthority is pushing the industry’s “first all-in-one app risk management solution.”

The solution in question supposedly combines app reputation analysis with a new policy management functionality. This enables organizations to create custom app risk policies.

Together with Appthority’s app reputation service, the new policy functionality gives IT administrators unprecedented control over mobile device management by providing both immediate app behavior insights as well as the ability to customize and directly enforce actions to neutralize app risk.

In short, Appthority’s App Risk Management solution integrated with a mobile device management (MDM) solution now gives IT administrators the tools needed to maximize the productivity gains of the Mobile First and BYOD (Bring Your Own Device) movements by mitigating app risk.

“IT Managers tell us they have no idea which apps to have their MDM vendors block. One company we spoke with was only able to manually analyze 40 apps a year to try to understand risky app behaviors. Now, organizations can make the most of their MDM investment with the Appthority Trust Score ratings of nearly two million apps, the ability to analyze new apps in seconds, and the first app policy settings based on the actual behavior of each app,” said Domingo Guerra, president and co-founder of Appthority. “Mobile policy cannot be one size fits all. Our new app policy management allows IT managers to easily create smart, turn-key mobile app policies that are customized to their unique company culture and risk profile.”

The post Appthority Touts New App Risk and Policy Management Solution appeared first on Mobile Marketing Watch.

Appthority, a recognized leader in App Risk Management, and AirWatch, a massive enterprise mobility management (EMM) provider,  announced that AirWatch EMM is being integrated with Appthority’s fully automated App Risk Management service for “speedy app analysis and risk management.”

According to details shared this week by the two companies, the Appthority partnership with AirWatch addresses a “critical problem” in empowering employees to access mobile applications.
In short, Appthority now integrates with AirWatch to provide “full visibility” into the presence of malware, security frameworks, privacy issues and risky behaviors of apps within AirWatch EMM deployments.

Administrators can now sync current application inventory with Appthority to quickly analyze each app installed across all company-managed mobile devices and automatically assign an Appthority Trust Score (ATS) to each app.

“Mobile apps are increasing employee productivity and satisfaction, but businesses need to address the security concerns that these apps pose,” says Kevin Keith, director of business development at AirWatch. “By partnering with Appthority, we’re giving AirWatch customers even more insight into app behavior so that they can manage risk accordingly and safeguard corporate data.”

The post AirWatch and Appthority Partner to Help ‘Manage Mobile App Risk’ appeared first on Mobile Marketing Watch.

The report examines how the “bring your own device” (BYOD) movement has led to the mixing of personal and corporate data on employee-owned devices, and how the apps we use every day can put that data at risk.

The report also shares how some app developers collect data on users as a money-making technique.

Other findings from the App Reputation Report include:

• Overall, 83% of the most popular apps are associated with security risks and privacy issues.
• iOS apps exhibited more risky behaviors than Android apps. 91% of iOS apps exhibit at least one risky behavior, as compared to 80% of Android apps.
• 95% of the top free apps and 77.5% of the top paid apps exhibited at least one risky behavior.
• 78% of the most popular free Android apps identify the user’s ID (UDID).
• Even though Apple prohibits its developers from accessing the UDID, 5.5% of the tested iOS apps still do.
• 72% of the top free apps track for the user’s location, compared to 41% of paid apps.
• Although paid apps already generate revenue when downloaded, 59% of paid iOS and 24% of paid Android apps still support in-app purchasing.
• Furthermore, 39% of paid iOS and 16% of paid Android apps still share data with ad networks.

“In analyzing both paid and free apps in our report, we’ve identified several new security trends within the global app ecosystem,” says Domingo Guerra, co-founder and president at Appthority. “For instance, we measured how paid apps – like free apps – are now supporting in-app purchasing and sharing data with ad networks as a method of generating revenue, even if it means putting user and corporate data at risk. We also discovered several popular iOS apps that access the unique device identifier (or UDID), even though Apple strictly prohibits that activity because UDIDs can be linked back to the private user information and activity as they navigate across apps.”

The review the full report, click here.

The post Appthority Identifies Security and Privacy Risks of Top Mobile Apps appeared first on Mobile Marketing Watch.

Based on the findings of a new study conducted by Xuxian Jiang, an associate professor of computer science at North Carolina State University, Google’s “application verification service” only detects 15.32 percent of known malware.

“By introducing this new app verification service in Android 4.2,” Jiang writes, “Google has shown its commitment to continuously improve security on Android. However, based on our evaluation results, we feel this service is still nascent and there exists room for improvement.”

Specifically, our study indicates that the app verification service mainly uses an app’s SHA1 value and the package name to determine whether it is dangerous or potentially dangerous. This mechanism is fragile and can be easily bypassed. It is already known that attackers can change with ease the checksums of existing malware (e.g., by repackaging or mutating it).

To be more effective, Jiang proposes, additional information about the app may need to be collected. “However,” he adds, “how to determine the extra information for collection is still largely unknown — especially given user privacy concerns.”

Industry estimates suggest that roughly 85% of all mobile malware attacks since 2011 took place on Android smartphones. All told, malware breaches have exploded by at least 700% in the past twelve months. As a result, key players in the Android ecosystem are doing their best to help curb their unfortunate phenomenon.

As MMW reported in November, Airpush – the second largest mobile ad network for Android – just partnered with Appthority, a leading and highly respected expert force in mobile app security to eliminate the threat of mobile malware from the Airpush network..

“Mobile malware has been a thorn in the side of the thriving app ecosystem,” said Kevin Watkins, CTO and co-founder of Appthority. “We are proud to assist Airpush with the technology that improves the state of security across the app world. Airpush is being proactive by attacking the malware problem at its source distribution and that demonstrates their commitment to protecting their customers.”

Clearly, the time has now come for others to become equally proactive and put forward polished, effective solutions to mitigate the threat of mobile malware before it begins to restrict the industry’s overall growth – a reality that some mobile experts predict will be inevitable if malware is allowed to get out of hand.

The post Inside Android’s Mobile Malware Fail appeared first on Mobile Marketing Watch.

But the State Department of Consumer Protection is warning mobile shoppers about the potential dangers that lurk in the realm of cyber shopping.

“While smart phones and the Internet can make your holiday shopping faster and easier, there can also be pitfalls if you’re not careful,” Consumer Protection Commissioner William M. Rubenstein said this morning.

Angelo Franks, a mobile security expert and tech journalist, tells MMW that one of the greatest threats this holiday shopping season is the growing inventory of mobile apps infected by and capable of spreading mobile malware.

“Consumers have to be careful about what they download and where they download it from,” Franks says, adding that not enough responsible steps have been taken by ad networks to cut down on the spread of these malicious payloads.

One notable exception is Airpush. The second largest mobile ad network for Android recently partnered with Appthority for the purpose of integrating its mobile security technology into the Airpush platform. As a result, all advertiser app promotions and URLs are now scanned, thereby removing the possible threat of malware across Airpush’s vast network of more than 50,000 apps.

While Airpush has worked hard to raise the bar on mobile security standards, not all players in the world of mobile ad networks are rushing to be as responsible. As a result, consumers are encouraged to be guarded in their downloading of apps in the coming weeks.

The National Consumers League estimates that more than half of all U.S. wireless users now have smartphones and 45 million routinely use shopping and eCommerce-related apps.

The post Season of Cyber Shopping Raises Concerns About Mobile Security appeared first on Mobile Marketing Watch.

Based on the current patterns observed by mobile security analysts, cybercriminals are losing interest in PCs and laptops. Instead, they are focusing on the new challenges associated with infiltrating our mobile devices – the devices from which we operate, organize, and frequently orchestrate our lives, purchases, and day-to-day activities.

“During the past few quarters, we’ve seen that the Android OS is the most popular target for writers of mobile malware,” a recently published report from McAfee indicates. “This quarter was no different; practically all new mobile malware was directed at the Android platform. The mix included SMS-sending malware, mobile botnets, spyware, and destructive Trojans.”

Of course, Android isn’t the only platform donning a bullseye. Apple’s iOS also isn’t safe from the antics of cybercriminals and mobile malware peddlers.

In response to these growing concerns, pressure is mounting on mobile ad networks – a source of significant malware infections – to step up their games and crack down on this burgeoning “epidemic.” But so far, not many have answered the call.

As MMW has covered in recent weeks, one mobile ad network stepping up to the plate and setting new industry standards is Airpush. The second largest mobile ad network for Android just teamed up Appthority for the purpose of integrating its mobile security technology into the Airpush platform.

As a result, all advertiser app promotions and URLs are now scanned, thereby removing the possible threat of malware across Airpush’s vast network of more than 50,000 apps.

To date, Airpush has been praised for its efforts. But only time will tell if others follow the lead and take responsible steps to keep mobile malware away from those to whom it would do the most harm.

Is mobile malware something you are concerned with? If so, what are you doing to minimize your exposure risks? Please weigh in with a thought or comment below.

The post Can Mobile Ad Networks Slow The Spread of Mobile Malware? appeared first on Mobile Marketing Watch.

On Thursday, Airpush announced what some are calling a major initiative to help eliminate malware distribution.

The announcement came at the SF AppShow where Airpush confirmed its partnership with Appthority, a leading and highly respected expert force in mobile app security.

“Mobile malware has been a thorn in the side of the thriving app ecosystem,” said Kevin Watkins, CTO and co-founder of Appthority. “We are proud to assist Airpush with the technology that improves the state of security across the app world. Airpush is being proactive by attacking the malware problem at its source distribution and that demonstrates their commitment to protecting their customers.”

Airpush says the partnership will integrate Appthority’s mobile security technology directly into the Airpush platform. The result will be a comprehensive scanning of all advertiser app promotions and URLs. This naturally serves as a nice supplementary level of security in Airpush’s manual approval process.

By integrating Appthority’s technology directly into its platform, Airpush has “virtually eliminated the threat of mobile malware distribution via its network of over 50,000 applications.”

To learn more about Airpush, click here.

The post Airpush Teams with Mobile App Security Specialists at Appthority appeared first on Mobile Marketing Watch.