Data security risk from mobile app use

Mobile apps and smartphone illustrationHewlett Packard Enterprise research has shown that many mobile apps form a data security risk.

Most mobile apps make a note of the user’s location, even when this information is not needed , and others are considered to collect ‘alarming’ volumes of data. The research suggests that around half of apps are guilty of this, which increases the threat of a data security breach.

The HPE Mobile Application Security Report for 2016 took into consideration more than 36,000 apps that use Android and iOS operating systems. For business users, the increasing use of mobile apps means that more attention needs to be paid to mobile security best practices.

Cyber attackers are developing a growing interest in mobile apps, which means that security needs to be a consideration during development. While it would seem to be reasonable that location is tracked, the study shows that other data is also being accessed. This includes calendar data, which could include information on meetings and who is attending.

Ad frameworks and analytics frameworks could be responsible for allowing access to more sensitive data, and the report raises concerns about logging methods, which can reveal data to third parties. It is estimated that around 95% of the apps that were examined had logging methods attached. It is recommended that if an app requests information that it does not actually need it should not be used, and warnings are also being issued about apps that seem to store a great deal of data as this can also make the user vulnerable.