Malicious Mobile Apps

Today, mobile devices like smartphones and tablets seem to outnumber desktops and laptops more than 2 to 1. They are the most used electronic devices on the planet. Criminal hackers are like viruses or scavengers, creatures of opportunity. With the growth of mobile devices, opportunity is shifting from computers to mobile devices. The lines between corporate and business are blurred, the defendable edge has all but disappeared with personal and corporate data being dispersed all over the world in order to give people anytime, anywhere access to data. Every one of these mobile devices is an opportunity for an attacker to gain access to your data. Now I am not saying we should stop using mobile devices or that the freedom to work anywhere other than your desk should be limited or taken away. I am saying that it is important to know that there are risks involved in this transition.

Malicious Mobile Apps or MMAs are apps that you install on your device that can steal information, track the user, send content, or reconfigure the device. These apps have found their way to the Google Play app store and also to the Apple ITunes app store. These MMAs are generally free targeting users looking for free apps. According to Webroot, a computer security company, nearly 80% of the top 50 free apps for iOS and Android devices are associated with risky behavior or privacy concerns that could lead to the infection of a mobile device. This is known as being rooted. Another risk to the security of a mobile device is jailbreaking it. Jailbreaking is the use of some software product to remove the restrictions imposed upon a mobile device by the manufacturer and/or mobile data provider. Jailbreaking allows for apps to be installed on the device that have not been through the standard approval channels or behave contrary to the manufacturer’s intended use for the device. These apps can be loaded with potentially malicious software. Jailbreaking is easy to stop, just don’t do it and the problem is solved. No matter what someone says about how awesome it is to have a jailbroken phone or tablet it isn’t worth the possible risk to your personal and company data.

According to Webroot, MMAs increased in number by almost 60% in 2012 and accounted for more than half of all mobile malware. The threat to mobile devices is real and growing, and if your business is going to allow mobile devices to be used to access company data and resources you need to have a plan to protect these mobile device just like you do with your computers. Let me say that Apple and Microsoft mobile devices are, in general, the more secure — with Apple being the most secure, due to how tightly they control the approval of apps that can be installed on their mobile devices. Apple Devices are not invulnerable as some malicious apps have surfaced, but have been quickly squashed once the app was identified as malicious by Apple. Android however is a bit of a different story. They allow not only software from their app store to be installed but allow for third party apps to be side loaded as well giving developers and end users a lot of freedom. Android does however support anti-malware software. If you have Android devices, insist that they have this type of software installed before allowing them to access data on your network. Here are some other tips to help keep mobile devices safe. Do not allow jailbroken devices on your network, inform users of the risks of using their mobile devices, only install apps from trusted sources and app stores. Some tips that should go without saying: always secure the device with a strong password and make sure any encryption features are turned on and make sure the operating system is up to date. Finally, consider drafting some mobile device policies and adopting a mobile device manager to manage and enforce the mobile policies.

We live in a technological world untethered from old restrictions of how and where work is done. That doesn’t mean we have to hang ourselves with the rope we have loosed. Instead, use it to keep your data and privacy from drifting out of reach. Work with a trusted advisor to help you tread the waters of this wide open world that we work in today.

Leave a Reply