UK guidance on mobile app security low, research shows

Only one in 20 UK workers are given guidance on mobile app security, a study has shown

Only one in 20 UK workers are given guidance on mobile app security, according to research by mobile secure data gateway provider Wandera.

In contrast, more than three times as many employees have been given security advice regarding desktops than mobile devices.

This is despite Gartner predictions that, by 2017, 75% of mobile security breaches will be the result of mobile app misconfiguration and misuse.

The research also revealed that only 50% of the UK public feel safe using a smartphone, compared with 69% who feel safe using desktop computers.

According to Wandera’s technology, seven in 10 devices in its network are transmitting sensitive data that is not encrypted and one in five devices are running apps that are vulnerable to local access attack.

more on mobile security

Severe vulnerabilities recently discovered in apps include:

  • The Pizza Express app, which transmits personal details including username, password, date of birth and children’s ages and genders;
  • The Economist app, which transmits email and hashed password information in the clear;
  • The CNBC PRO app, which leaks credentials, allowing access to full names, addresses, telephone numbers and other sensitive information.

Eldar Tuvey, chief executive of Wandera, said: “Some popular business-related apps, such as the Hilton app, have recently been patched, but for a long time were openly providing access to sensitive personal information. Unfortunately, we have identified numerous other apps that are just as insecure.”

He said businesses need a new approach to deal with the changing threat landscape of insecure, leaky and malicious apps, malware and targeted phishing attacks.

“Fragmented, piecemeal security simply will not do any more. Existing security solutions do not go far enough or deep enough to protect your organisation,” said Tuvey.

Wandera has opted to tackle threats to corporate mobile devices by layering on-device security with real-time scanning of all data, apps and websites to stop threats reaching corporate networks.

“Mobile attacks are growing on all platforms, but it is clear that many businesses are still underestimating the severity and risk that tablets and smartphones can present,” said Tuvey.

Read more on Endpoint security