mobile app security Archive

Mobile security shortfalls plague businesses

A new report revealed the lack of protection enterprises are putting into place on employee devices.

MobileIron has released a new report providing insight on the state of mobile security shortfalls in business. Enterprises are inadequately securing employee mobile devices and apps. This leaves them open to a spectrum of cyber threats, says the MobileIron report.

The results of the study were published in the 2016 Q2 Mobile Security and Risk Review.

Fewer than 5 percent of companies have adequately implemented threat detection software. A mere 8 percent of enterprises have enforced updates to operating systems. Failing to take these very basic steps represents considerable mobile security shortfalls, says the report. Moreover, 40 percent of businesses have experienced a loss or theft of mobile devices. That represents an increase of 7 percent over only two quarters beforehand, in Q4 2015.

The insight provided by these statistics in mobile security shortfalls is considered to be quite alarming.

Mobile Security Shortfalls in BusinessThe main problem is that the number of mobile devices used for business is rising exponentially. Moreover, those devices are being used with a dramatically larger number of mobile apps. At the same time, the number of mobile security threats is growing explosively. The landscape is, therefore, becoming much more dangerous very quickly. However, businesses are not even covering the basics to make sure their data is secure.

According to MobileIron lead architect, James Plouffe, “The velocity of mobile attacks is increasing, but the latest data shows that enterprises are still not doing the things they could be to protect themselves. This lack of security hygiene demonstrates that enterprises are alarmingly complacent, even when many solutions are readily available.”

This situation is less problematic in the U.K. There, businesses take greater action against mobile security shortfalls than their counterparts from other countries. The research indicated that only 39 percent of U.K. businesses were out of compliance. This was the fewest among all the countries studied. Moreover, they also had the fewest compromised devices at only 4 percent. Furthermore, they experienced the lowest rate (17 percent) of having staff members remove mobile device management software from their smartphones and tablets.

Mobile apps using Baido code are leaking personal info

Thousands of applications running on this code have been found to be collecting and sharing private data.

According to researchers at Citizen Lab in Canada, there are currently thousands of popular mobile apps that are running code created by Baidu, the internet giant from China, and the code has been causing those applications to collect the personal information of the users and transmit it to the company.

The researchers pointed out that a great deal of that personal information would be very easy to intercept.

It is estimated that the mobile apps using Baidu’s code have had hundreds of millions of downloads. The researchers have traced the issue back to problems in the software development kit (SDK) by Baido for creating Android applications. The mobile security threat applies to the Baidu browser as well as the apps that were created by the company and other firms that employ the same SDK in their app development. That said, while it was primarily Android applications that were affected, the Windows browser from Baidu was also among them.

The same researchers said that comparable types of security issues were present in the Alibaba UC Browser mobile app.

Mobile Apps The UC Browser from Alibaba and another popular mobile browser that is broadly downloaded and used in the largest internet market on the planet have also both been affected with unsecured personal data transmission.

That said, while Alibaba has already moved forward and has repaired the vulnerabilities, Baidu had yet to have completed that task at the time of the writing of this article. The company was, however, in the process of making the repairs to the holes in the kit’s encryption. Still, it admitted that it would not cease to collect data for commercial use. Some of the data collected by Baidu will also be shared with third parties. Still, the company said that it “only provides what data is lawfully requested by duly constituted law enforcement agencies.”

Among the unencrypted information collected through the Baidu code based mobile apps are the search terms that have been used by the user, his or her website visits, and his or her location. This, according to the Citizen Lab chief researcher, Jeffrey Knockel.