About one in four apps were classified as “suspicious” or “questionable” based on the permissions requested, category of the application, number of downloads and reputation of the publisher. Bit9 also surveyed a group of IT decision makers in the commercial sector whose IT security policies affect over 400,000 employees.
Not only do the apps pose a potential vulnerability, but so do the policies. 71% of the respondents said that employees were allowed to access company networks and data using personal devices, but only 24% of those businesses had any monitoring or controls in place to know if any apps present on the devices were accessing sensitive information. That statistic is rather disappointing given that 68% of them said security was the most important driver of their policies.
In the infographic below, Bit9 found over 100 applications with the words “Angry” and “Birds,” but only 4 are from Rovio, the popular apps’ publisher. One of those other apps (among many), “Angry Birds Wallpaper” had access to detailed GPS location services, arguably not needed for such an app to function properly.
Aside from concerns this may raise for consumers, the concerns are a magnitude larger for companies as the bring-your-own-device (BYOD) practice gains more and more acceptance. 26% of the apps get access to personal information such as email or contacts, yet 96% of employers allows users to access corporate email on their personal devices and 85% have access to calendar and scheduling.
One of the more interesting statistics out of the report is that while these companies seem to allow Android devices on their corporate systems, they also rank their perception of Android’s security as less than iOS or BlackBerry.
Does your employer let you BYOD? If so, does the company place an IT policy or control on it to prevent unwanted applications from trying to gain access to personal information that might be linked to more sensitive data?
sources: Bit9 via Mashable