Study: Mobile App Data Mining a Bigger Threat Than Malware

Malware is always a major concern for mobile device users. However, a new study suggests there may be a more dangerous threat lurking within your apps.

According to mobile app risk management vendor Appthority, a majority of the most popular iOS and Android apps exhibit risky behavior when it comes to sharing personal information with third-party marketers, including accessing users’ contacts, calendars, locations and more. The unwarranted data mining from these apps is actually more of a threat to users than malware, due to both the prevalence of app snooping on personal information and the general naïvety of users when it comes to protecting their own data, according to the company.

So why should we care if Angry Birds can access our contact list or your favorite banking app can look at your purchase history? According to CSO, the unencrypted flow of user data over unprotected networks could mean that more than just marketing companies are sniffing around in your personal info.

“Having analyzed over 2.3 million apps for our customers, we have found that less than 0.4 percent of apps have malware, while 79 percent had other kinds of enterprise risk,” said Domingo Guera, the cofounder and president of Appthority, in an interview with CSO. "Apps are generally collecting more information than they need. Why does a flashlight app need my location, calendar and address book? The issue this creates is that these databases are not always built securely and can become targets for criminals or governments—recall NSA's comments about using Angry Birds data to track user data."

Not surprisingly, Appthority found that gaming apps are the most likely to access your private data, with free gaming apps taking the top spot when it comes to accessing information they shouldn’t. However, the company also reported that about a third of non-gaming apps track in-app purchases, while more than half of these apps also track location.

Appthority’s report concluded that paid apps are ultimately less risky than free apps, but both have a long way to go when it comes to respecting the privacy of users.

The problem with data mining becomes even more important in the context of BYOD devices, which are utilized for both personal and professional use. IT organizations need to be extra careful when it comes to mobile device management to stop sensitive information from getting into the wrong hands. Strong passwords, network encryption and limiting the number of apps downloaded on devices are some ways to stem the flow of data leakage, the CSO article noted. But the most important way to keep private data secure is to be aware always that data flows two ways. Just as you wouldn’t leave your front door open at night, don’t leave your devices open to data theft by being sloppy.