Business Apps Remain Corporate Security ‘Blindspot’

Security firm Wandera SmartWire Labs has warned that the most widely used business applications all fail to protect personally identifiable information, placing privacy and security at risk.

The company’s report assessed the evolution and impact of hidden mobile threats to corporate systems across Europe, the US and Asia and tested a number of vital enterprise apps.

However it declined to name a single specific service. Wandera confirmed to TechweekEurope they were the ten most widely used by enterprise employees around the world and have been downloaded an estimated 1.4 billion times from the Google Play store.

Corporate Blindspot?

Within Apple’s App Store, they fall within the top 0.05 percent of all published apps and are primarily classified in the business and productivity categories. The firm did point out there were “very specific failings” with all of the apps.

Wandera said that the OWASP (Open Web Application Security Project) test revealed the most common vulnerabilities are insecure data storage, insufficient transport layer protection, lack of binary protections and poor authorisation and authentication.

Wandera found that all of the top 10 apps failed to use secure data storage to protect Personally Identifiable Information. It also tested a total of 28 business apps, and found all of the top apps contain at least five weaknesses.

It said that 90 percent of the apps are vulnerable to Man-in-the-Middle attacks due to Certificate Pinning, and all of the apps tested are vulnerable to at least three of the OWASP  top 10 mobile risks.

Furthermore, 8 out of the 10 apps allow the use of weak passwords and 3 out of 10 apps allow the use of weak encryption.

“In our increasingly mobile world, enterprises need to gain complete visibility in order to maintain control of their mobile data, ensure compliance and prevent mobile security threats,” said Eldar Tuvey, CEO of Wandera. “Security is an essential concern when it comes to mobile app development and it should not be sacrificed for the sake of speed and convenience.”

Wandera warned system admins that data leaks from poorly designed apps and device vulnerabilities, could be used as building blocks in more targeted cyber attacks against their business.

However businesses would surely be more protected if they know the identity of the apps in question.

App Vulnerabilities

Wandera is not the only firm to warn of their potential vulnerabilities.

Last month for example a survey from Trustwave revealed that as many as 97 percent of apps had at least one vulnerability last year.

And two US federal agencies, the Federal Communications Commission (FCC) and Federal Trade Commission (FTC) have just announced an investigation into the patching process of both mobile manufacturers and mobile operators.

The agencies are concerned these organisations are not taking their patching duties seriously enough, as both consumers and businesses conduct ever more of their daily activities on mobile devices.

Are you a security pro? Try our quiz!