With all the flap about Flappy Bird fakes and Trojanised games, you'd probably figure that games must be the riskiest app category. You'd figure wrong, according to Marble Mobile Security's researchers. They analysed over 200,000 apps in 34 categories, and found games to be the least risky. Let's take a closer look at their findings...
The just-released study rated apps in five distinct risk categories: Privacy, Data leak, Account takeover, Device takeover, and Malware. Apps with Privacy problems leak personally identifiable information to third parties, while those that expose companies to loss of data fall in the Data leak category. Account takeover refers to apps that steal user credentials, while Device takeover means the app exposes data that would allow a malefactor to completely own or clone the device. Finally, apps that are purely malicious fall into the Malware category.
Researchers checked each app on several different levels, starting with a simple static analysis of permissions requested by the apps and links to risky advertising libraries. They ran dynamic analyses of apps to check for problems that evolve over time, and to check whether the apps contact known malicious websites.
To cap off the testing process, they put each app under the microscope in a virtualised environment. This allowed them to empirically check for behaviours like leaking data, exposing passwords, and more.
With all the data in hand, the researchers assigned a risk score to each app in each of the five risk categories. They calculated the average score in each category and, using statistical techniques, flagged any app with a statistically significant deviation from that average as risky. Finally, they tallied up the percentage of risky apps in each app type.
Communication apps topped the list; over ten per cent of them got tagged as risky. Social media apps came next, with around nine per cent risky. Somewhat to my surprise, the "news and magazines" category was third, with a bit over eight per cent risky apps. Safest of all, according to this study, were game apps, with less than one per cent of them identified as risky.
The full report points out that consumers may well accept risk levels that businesses wouldn't. Data leakage in particular is more of a business problem. It concludes: "Companies should monitor or restrict use of these apps on devices that connect to corporate networks, data or online cloud services. Risk-based restrictions are more important than ever, given the ever-growing number of apps and the increased use of mobile devices in the enterprise."
Where can you get the necessary protection for your business? Not surprisingly, Marble Mobile Security offers a number of choices, among them an encrypted messaging app, a hosted VPN, and Mobile Device Management solutions. Other players in this space include Zscaler and MobileIron.