Apps leaking credit card data on enterprise mobile devices is nothing new, but when the number of such apps increases by almost a fifth in a single quarter, that's a problem.
That is exactly what mobile data security firm Wandera uncovered in its latest reserach report – a 17 per cent increase in such apps. Besides apps, Wandera also says mobile websites are no better, including a couple of prominent brands, including the Hong Kong metro system.
Besides uncovering the data leaking apps, the security firm also says malicious domain access increased at a rate of 200 per cent per month in the first quarter of 2016.
“The report illustrates that despite their best efforts in avoiding malware, for instance through identifying phishing attacks, users are unfortunately being caught unawares by compromised ad frameworks in trusted apps,” said Eldar Tuvey, CEO of Wandera.
“Even the app owners themselves are not directly responsible for the adverts that may appear within their apps, as they come from the frameworks, so CIOs must help their employees with further detailed education on what may constitute a compromised ad. One wrong tap in a game or in-app ad might be enough for the user to be redirected to an unofficial app store, fake website or to be directly offered the installation of a malicious app.”
Mobile data encryption is also on the rise. Sevent per cent of all data from apps is now encrypted, representing a 21 per cent jump in the last 12 months. Browser encryption, unfortunately, has seen an encryption jump of only 13 per cent, to a total of 52 per cent.
Six of the top 10 apps by data usage are non-work-related, accounting for on average 18 per cent of data usage.
“It is of course a positive that encryption in browsers and in apps is increasing – but there is still an awfully long way to go, especially within browsers,” commented Tuvey. “Developers and brands are clearly recognising the importance of encryption, hence the gradual rise in security measures being put in place. But the rate of improvement must continue, and even accelerate in order to support enterprise security. In the meantime, the onus remains on the enterprise itself to enforce its own monitoring, rules and education to counter the risks.”
Encryption has become one of the biggest issues in the mobile industry as of lately, especially after the FBI / Apple clash over the unlocking of the iPhone 5C belonging to the San Bernardino shooter. Both Google and Apple have improved the encryption features in their mobile operating systems, and following WhatsApp's recent announcement that it has encrypted all of its communications, another communications app, Viber, has followed in the same footsteps.
Image Credit: Shutterstock / Sdecoret