Research reveals iOS and Android app data leakage – and what it means for enterprises
A new report from cloud security provider Zscaler has revealed the extent of data leakage from iOS and Android apps – and the threat this poses to enterprises.
In a blog post entitled ‘Are mobile apps a leaky tap in the enterprise?’, the company analysed more than 45 million transactions related to mobile devices through its cloud, and found that 0.3% of the 20 million Android transactions and 0.5% of the 26 million iOS transactions resulted in some level of privacy leakage.
For 58% of Android and 72% of iOS privacy leaks, the leaked information is device metadata: apps sending identifying information such as network, OS and SIM card details. Location accounts for 39% of Android and 27% of iOS leaks, including exact latitude and longitude coordinates, while 3% of Android leaks are PII (personally identifiable information), such as mobile numbers and email addresses. For iOS, PII is at 0.2% of overall leaks.
“These statistics demonstrate that significant amounts of personal data can be leaked simply by tapping into any organisation’s traffic,” Viral Gandhi, senior security researcher at Zscaler notes. “In our cloud alone we saw nearly 200,000 examples of such leaks. All that leaking data can be leveraged for more sophisticated attacks.”
Zscaler notes that, while PII may be the most lucrative information on the surface – email and phone details represent the quickest way to target a user – device metadata, which represents the bulk of the leaks, can be leveraged for tracking a device and creating targeted attacks. Furthermore, hardware identifiers like MAC, GSM IMEI, IMSI and UDID are globally unique and do not change over the lifetime of a device.
Ultimately, the company notes that observing the leakage from iOS and Android apps is another warning for companies to protect their users and their broader network infrastructure. “They should be applying strict MDM policies and educating employees about app security in an effort to stave off any kind of data loss or security breach,” Gandhi adds.