Thursday 1 December 2016

Mobile Apps Security Trends - Research Reveals iOS and Android App Data Leakage

A new report from cloud security provider Zscaler has revealed the extent of data leakage from iOS and Android apps – and the threat this poses to enterprises.

Zscaler analyzed more than 45 million transactions related to mobile devices through its cloud, and found that 0.3% of the 20 million Android transactions and 0.5% of the 26 million iOS transactions resulted in some level of privacy leakage.

For 58% of Android and 72% of iOS privacy leaks, the leaked information is device metadata: apps sending identifying information such as network, OS and SIM card. Location, including exact latitude and longitude coordinates, accounts for 39% of Android and 27% of iOS leaks, while 3% of Android leaks are PII (personally identifiable information), such as mobile numbers and email addresses. For iOS, PII is at 0.2% of overall leaks.

Mobile App - A Leaky Tap in The Enterprise


Breakdown of privacy - Android Devices


Of all the leaks, 58% are related to device metadata leakage. Another high percentage of leaks — 39.3% — are related to the user’s location, including exact latitude and longitude coordinates. The remaining 3% of transactions result in personally identifiable information leakages, including the user's mobile number and email address. 1% of privacy leakages are observed from malicious transactions and the rest are related to Android app usage.


Breakdown of privacy - iOS Devices


For iOS, approximately 26 million transactions pass through the cloud quarterly, and 0.5% result in privacy-related information being sent. Of all iOS transactions that result in privacy-related information being sent, 72.3% are related to the user's device information. An additional 27.5% of transactions result in the user's location being sent, and 0.2% of transactions result in sending PII-related information. Of all the transactions in which privacy-related information is being sent, 5% are the result of malicious infections.

“These statistics demonstrate that significant amounts of personal data can be leaked simply by tapping into any organization's traffic,” Viral Gandhi, senior security researcher at Zscaler, notes. “In our cloud alone we saw nearly 200,000 examples of such leaks. All that leaking data can be leveraged for more sophisticated attacks.”


A study by IBM & The Ponemon Institute shows that of the 400 organizations studied, almost 40% do not scan the apps they develop for security vulnerabilities. And, even more worrisome, 50% of those that develop mobile apps do not allocate any budget at all to testing for security vulnerabilities. 

IBM and Ponemon Institute


So don't count on the developers to protect you. Organizations must take steps to protect their users and the broader network infrastructure and data assets. Ultimately, the company notes that observing the leakage from iOS and Android apps is another warning for companies to protect their users and their broader network infrastructure. “They should be applying strict MDM policies and educating employees about app security in an effort to stave off any kind of data loss or security breach,” Gandhi adds.

