Do you know what your apps have access to?
With a forecast of 4.77 billion mobile devices in use by the end of 2017, it is clear that this is a tool the majority of us would find hard to give up.
The shift to mobile devices has also been embraced by organisations, given the many benefits they offer, such as increased productivity, staff engagement and employee satisfaction (Bring-Your-Own-Device, anyone?). ComScore (2014) reported that mobile use overtook desktop use in 2014, and the numbers have been steadily rising since.
As we all know, the era of smart devices is here, so let’s talk about the part that makes them smart—the applications. According to a study by Flurry, 86% of our time online is spent using apps as opposed to just browsing the Internet. We use apps for virtually everything—responding to personal and corporate emails, collaborating on projects with colleagues via real-time messaging apps, tracking calories, making payments, meeting new people, etc.
We must keep in mind that while apps can certainly be useful, not all apps are secure, and some may pose many threats to the user. A recent study conducted by the Mobile Ecosystem Forum (MEF) suggests that people have become better at filtering the apps they are about to download based on what the app is requesting to access. Let’s take a closer look at what they found and what the implications for the business are.
The good news is that a lack of trust is still the main reason we are hesitant to click “download app”, with 36% of those surveyed confirming that they either do not want to share personal information, or have trust issues because of the app’s security and/or reputation. For example, iOS users will be familiar with the infamous XcodeGhost, where the app developer compromises the iOS developer platform, Xcode, injecting it with malicious code.
However, not every app that puts users at risk is intended to be malicious; sometimes the developer is just sloppy. Recently, Appthority found over 1000 apps that left enterprises exposed due to developers’ poor coding skills and inability to secure the back-end servers and databases providing data to the apps.
Getting back to the MEF survey, what stood out to me the most was that 12% said it is actually the network speed preventing them from using an app. This could be a potential deal breaker where no Wi-Fi is available and the network is too weak or down completely. If you have mobile device management, you can push out apps to your mobile fleet, but without any data connection, your users will not be able to complete the download or the update. In addition, think of all the times you have been using an app and the connection was suddenly lost. Yes, some apps allow offline mode; however, in certain situations the delay in getting the information processed and sent can cause significant issues for both the customer and your organisation. Luckily, this can be easily overcome by having robust Mobile Performance Management software.
If you are also of the opinion that in order to use an app of your choosing you have to agree to its various T&Cs, then you are not alone. In fact, 41% of those surveyed confirmed they felt the same. This is an increase of 7% in just one year! Does it mean that the other 59% are not worried at all? Let me ask you, have you ever wondered why a sandwich app is requesting access to your contact list, location, camera and microphone when all you want to do is collect points for a free roll?
If this indeed is not of concern to the user, the business should feel very differently. MEF reported that currently only 38% of users have stopped using an app that worried them (yet left it installed), just over half of users have decided to delete it, and the rest have taken no action in this regard. These numbers should be a big concern for organisations; the issue, however, is that they usually have no idea what kind of permissions the apps installed by their employees are demanding, as they have no means of seeing and reviewing them.
Most of us have heard of GDPR coming into force from May 2018, and according to the Vice President of Innovation and Emerging Technology at MEF, Eve Maler, it is not just businesses that seem to be changing their views on data protection; end-users are changing as well. Maler said, “Building trusted digital relationships in a mobile context is not just a matter of doing the minimum to satisfy regulators. It must involve satisfying consumers’ needs for personal data protection, giving them transparency into what you know about them, and providing options for consent, choice and control”.
This goes without saying; nobody wants to have their personal information floating about cyberspace ready to be exploited. However, to protect yourself and your organisation it is not enough to just delete an app when you cannot see what is really going on in the background. According to research conducted by Lookout, over a third of Americans have had their identity stolen in the past, and over three quarters of those surveyed would not have a clue what to do if such an incident happened to them. Would you?
Interestingly, MEF reported that 47% of survey participants would be happy to pay for an app that did not share their personal information. This is definitely a big step forward as it suggests that we are changing our views and expectations of free and paid apps. Moreover, achieving and maintaining security in the cyber world has become a must (especially for organisations), and so it is important that relevant costs are not seen as “just another overhead expense”, but rather as a long-term investment that will prevent the organisation from being exposed to breaches.
The key takeaway message is that consumers are becoming increasingly aware of the potential risks that apps can pose and are prepared to take the necessary actions. This should be seen as a red flag to organisations that still have no visibility into what data and information their apps are accessing. Thankfully, it is very simple to overcome this, as there are solutions out there with the ability to flag an app’s risky behaviour, detect malware and provide the business with a detailed report to help drive its security decisions.