Ad-Supported Apps Pose Data Privacy & Security Risks

Mobile risks come in a variety of shapes and sizes. Some are invisible, some hide in plain sight. Among the latter are ad-supported apps. With the Facebook and Cambridge Analytica scandals in the news, the Appthority Mobile Threat Team wanted to put some numbers around how many apps are directly accessing and using personal information for advertising. We also wanted to share our insights on the risks associated with ad-supported apps.

Our analysis uncovered over 24,000 iOS apps in enterprise environments that ask for data access for advertising purposes. To find these apps, we analyzed the permission request fields inside the iOS plist, such as “NSCalendarsUsageDescription” and “NSPhotoLibraryUsageDescription” keys. The text inside these keys is displayed to users in alert panels when an app prompts the user to allow data access.
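A minimal sketch of this kind of check, added here as an illustration and not Appthority's own tooling: it parses an Info.plist, collects every `NS…UsageDescription` key, and flags those whose prompt text mentions advertising. The keyword pattern and the sample plist are constructed assumptions.

```python
import plistlib
import re

# Assumption: this keyword list is illustrative, not the report's actual criteria.
AD_PATTERN = re.compile(r"\b(ads?|advert\w*|marketing|sponsor\w*)\b", re.IGNORECASE)
# Permission prompt strings live in keys such as NSCalendarsUsageDescription.
USAGE_KEY = re.compile(r"^NS\w+UsageDescription$")


def usage_descriptions(plist_bytes):
    """Return {key: prompt_text} for every usage-description key (XML or binary plist)."""
    info = plistlib.loads(plist_bytes)
    return {k: v for k, v in info.items()
            if USAGE_KEY.match(k) and isinstance(v, str)}


def ad_related_permissions(plist_bytes):
    """Return only the usage-description keys whose prompt text mentions advertising."""
    return {k: v for k, v in usage_descriptions(plist_bytes).items()
            if AD_PATTERN.search(v)}


# Constructed sample Info.plist for a hypothetical free app (not from the report).
SAMPLE_INFO_PLIST = plistlib.dumps({
    "CFBundleIdentifier": "com.example.freegame",
    "NSCalendarsUsageDescription": "Some ad content may want to add events to your calendar.",
    "NSBluetoothPeripheralUsageDescription": "Advertisers use Bluetooth to show nearby offers.",
    "NSPhotoLibraryUsageDescription": "Save your high-score screenshots to Photos.",
    # Word boundaries keep "Add" and "Upload" from matching the "ad" keyword.
    "NSContactsUsageDescription": "Add friends from your contacts.",
    "NSCameraUsageDescription": "Upload a profile picture.",
})

if __name__ == "__main__":
    for key, text in sorted(ad_related_permissions(SAMPLE_INFO_PLIST).items()):
        print(f"{key}: {text}")
```

Keyword matching only catches apps that state the advertising purpose in the prompt text; an app that requests the same access without saying so will not be flagged.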

The top 10 ad-supported apps in enterprises can be found in the report, available for download here.

Over 98% of enterprises have apps in their environments that display ads. The 24,000 apps, or ~1% of the apps we analyzed, were just the ones that openly ask users for access permission to deeper device functionality, such as Bluetooth or the user’s calendar, for advertising purposes.

Apps that access data for advertising carry additional risks compared to apps that access data for in-app functions that would be easily known and understood by the user. Users and enterprises often lack visibility into this kind of third-party data access. Additionally, the risks of sharing data that doesn’t relate to an app’s function (additional data that can impinge on privacy) may not be worth the cost of a free app to either the user or the enterprise they work for.

Enterprises should ask these 5 questions about the apps in their environments:

  1. Which apps and Who are accessing the data?
  2. What user data is being accessed?
  3. Why is the data being accessed?
  4. How is the data transmitted?
  5. Where and How is the data stored?

The report gives a breakdown by type of data accessed as well as by category of apps that collect data for advertising purposes. We also provide recommendations to protect against excessive data collection by ad-supported apps for mobile users and for enterprises.


*** This is a Security Bloggers Network syndicated blog from Mobile Threat Blog Posts | Appthority authored by Su Mon Kywe. Read the original post at: