Skip to main content
Nov 12, 2013

Security and Privacy Threats to Enterprise Mobile Apps

enterprise mobile apps securityA recent study conducted by the research firm Ovum revealed that 70% of employees who own a smartphone or tablet use it to access corporate data through enterprise mobile apps. This staggering figure that points to the surge in the popularity of bring your own device (BYOD) policies among enterprises. While the advantages of BYOD are clear (it is strongly linked to increased employee productivity), it doesn't come without its downsides. The bottom line is: mobile security and privacy threats are a major challenge for IT departments with a BYOD policy that includes enterprise mobile apps.

Major security and privacy threats

Third-Party Apps The growth of the BYOD movement has also coincided with growth in the bring-your-own-application (BYOA) movement. As employees continue to become more tech-savvy, they've begun downloading and using 3rd party business applications that offer file sync/share, IM/VoIP, and networking features. Though employees have good intentions, the use of third-party enterprise mobile apps puts both the user and the enterprise at risk. The existence of malware and spyware in such is always a possibility. In fact, Trend Micro estimates that there are over 700,000 malware and/or adware-laden apps available to Google Android users alone. These apps do everything from steal data to initiate malicious downloads. Such threats not only put the device owner at risk, but could also compromise confidential corporate data. To compound the issue, many third-party apps are unintentionally malicious as a result of poor coding practices. Poorly written software can inadvertently gain access to or expose data and/or metadata stored on a device. Network Threats Threats to enterprise mobile apps can also exist on a network level, especially when employees use third-party apps. Though most enterprise networks are secure, there is no guarantee that the networks employees connect to outside of the office are. Unsecured Wi-Fi networks put app users at risk for man-in-the-middle attacks and Wi-Fi sniffing. Physical Threats According to a recent study conducted by Pew, one-third of cell phone owners have either lost their device, or had it stolen. Physical threats like these are an ever-present concern for both device owners and IT departments.

How IT departments can mitigate security and privacy concerns

Establish BYOD policies It is vital for organizations to establish BYOD policies before supporting BYOD. These policies should clearly define which employees are eligible to participate, what types of devices are supported, and what business functions are supported. A standard set of procedures is also required in cases where devices are lost, stolen, or otherwise compromised. Develop Internal Mobile Applications A number of mobile security and privacy threats develop from employees using third-party applications. One obvious way organizations can mitigate this threat is to develop their own enterprise mobile apps. Developing apps internally eliminates malware and spyware concerns and can also be customized to promote higher efficiency and productivity. App Wrapping With the smartphone and tablet markets spread now flooded variety of manufacturers, developing native applications complete with security features can be costly and time consuming. One solution is to develop applications using a mobile application management (MAM™), which adds an administrative layer to enterprise applications. MAM™ administrators can further employ app wrapping to set device-independent policy and security elements before deploying it as a fully contained app on their enterprise app store.


More from the Blog
Feb 24, 2020

Android Cracks and App Hacks – What Is StrandHogg?

StrandHogg is a critical v
Read more
Feb 19, 2020

Four application security themes for 2020

The United States was astonished recently when the Iowa Democratic caucuses vote count failed due to a bad app.
Read more
Feb 05, 2020

Financial Mobile App Vulnerability FAQs

Last year research by Aite Group examined mobile application security vulnerabilities across eight financial services sectors ...
Read more