Now Is the Time To Act on App Threats
Not a day goes by that we aren’t warned about threats to our privacy online. As I’m writing this, the current dustup is over the Facebook messenger app, which apparently knows everything about you down to the color of your unmentionables.
For small businesses the threat posed by the panoply of apps employees carry around on their mobile devices is quite real.
Appthority just released its Summer 2014 App Reputation Report that surveys the threats posed by free and paid apps. In a world where everyone is commingling personal apps and apps intended for business use on their own devices, small business owners need to understand the stakes and implement appropriate policies.
First, let me say that both iOS and Android apps pose problems and while both free and paid apps are problematic, free apps are the bigger problem – essentially all free apps pose risks. The figure is between 80 and 90 percent for paid apps.
Pernicious data collection
When you and your employees “agree” to the conditions that allow an app to be installed on your device, here’s what you’re agreeing to that puts you at some risk:
- Allowing the app to track your location,
- Allowing the app access to your contacts,
- Allowing the app access to your calendar,
- Allowing the app to connect the unique device ID to the user, and
- Allowing in-app purchases.
The data that is gathered by allowing your apps to access this information goes to a variety of places. Most is sold to advertisers so they can better target the ads you see.
The privacy concerns you might have as an individual are somewhat different than those you have as a small business owner, and probably the biggest single concern is access to contacts.
Mixing business and pleasure
If you and your employees sync your devises with software such as Outlook, you are undoubtedly carrying around contact information that includes both personal and business data. By allowing your apps to access this data, you are exposing business contacts to third parties and perhaps increasing the risk for corporate espionage and theft of valuable contacts, according to the Appthority report. You are certainly exposing your business contacts to increased spam.
Also, not to get overly Jack Bauer-ish about it, the report points out that location reporting could allow corporate executives to be tracked. Even if this seems unlikely today, it’s best to be aware of the potential and account for it in your mobile device policy and training.
There is no way around the fact that you need to do a risk assessment for your business, consult with your IT team and formulate a policy and strategy. It should include training your employees, controlling company data and instilling good online habits in your team, such as logging out of apps and changing passwords.
Image: Image: Mobile Apps & Games, © 2011 methodshop, used under a Creative Commons Attribution-ShareAlike license.