We all know that nothing in life is free. This phrase is particularly apt when downloading so-called ‘free’ apps on mobile devices. I admit I’ve done it. In fact, I bet we’d all be hard-pushed to find someone who has a smart phone that doesn’t have free apps installed on it.
DOWNLOADING FREE APPS BRINGS RISKS
Once you download an app, you blithely hit ‘I agree’ to the terms and conditions. But, what is the real cost of a free app? The moment you hit download, you start becoming a product. You become the product because you’re ‘selling’ (okay, in app parlance, you’re giving access to) your data. It could be your contacts – phone numbers or email addresses. It could even be your photos or geo-location.
Once you have allowed the app to have access to your device and your data, your data becomes valuable – a monetary value to somebody somewhere in the world. By downloading and using the app, you have really given away the rights to your own data.
SHOULD YOU BE CONCERNED?
As an individual consumer, you may not mind this too much. You might ask yourself, “I’ve downloaded a free app, I’ve looked at the permissions, they’re going to have access to my contacts – do I really care? No, probably not. I’ll get a lot of value myself from this app”.
However, is the phone you are using your own device, or is it company-issued? If you’ve been issued with it, are you breaching the trust of the organization? In fact, you may be breaching the trust of the people that you do business with, as you have made all your contacts available to the marketers that sell your data.
INFORMATION IN THE WRONG HANDS
None of us like to be cold-called on our phones; it’s a personal number, how would a cold caller get their hands on it? Lists are created with your number on. However protective you may be, your friends and business associates may be more carefree. You will be getting unsolicited calls and texts, whether you like it or not.
Have you ever asked yourself whether Simple Dialer really needs access to my photos? Why does PayPal really want access to my Wi-Fi connection information? LinkedIn to my call information? Why are applications asking to access other data sources that do not relate to the overall function of the app? The simple answer is to gain access to more of your data.
MOBILE APP PERMISSION LEVELS
This has become a pressing issue in the enterprise space; what app permissions are allowed on mobile phones? Let us look at the figures around permissive apps:
- 97% of users do not understand how permissions correspond to the risks of an app
- More than four in five of us (83%) pay no attention to permissions when installing an app
- 42% of users do not even know what permissions are.
A third of all apps ask for more permissions than they need. The app developer knows what they are doing when they ask for more permissions, of course, the objective is to keep the app free, so it ends up being just a vicious circle. If they can sell your data, they will. People will pay a lot of money for it. And that’s why your app is “free”!
SECURE YOUR MOBILE ENVIRONMENT
So now you can see the size of the problem.
What can you do about it? For year’s enterprise security and IT teams have been creating firewalls to ensure data doesn’t seep out. With the huge increase in mobile devices now connected, it has become imperative that data does not just flow out the door. With an average of 2.9 devices per user and growing, you must consider whether applications can access information on your other devices.
Installing one app on one device may open the door for the app to access your data on multiple devices. We can no longer rely on users to research apps, check ratings or read reviews before they install them, so the organization has to step up and take control.
Many organizations are deploying Enterprise Mobility Management (EMM) solutions, such as Snow Device Manager, to manage and control the full lifecycle of tablets and phones from sourcing to retirement.
A good EMM solution should have an app reputation service integrated. Snow Device Manager boasts such an app reputation service, which enables user’s instant identification of what apps are installed on what devices. With the numbers of Android, iOS and Windows apps now in the millions, an app reputation service comes into its own.
It continuously analyzes apps (and the permissions and rights that each demands on installation) that are available from app stores and other online sources, and it categorizes and scores the apps. In this way, organizations are able to determine which apps it allows or prohibits to its users and Security teams are able to develop policies to identify and manage risk and privacy violations. EMM solutions add the extra layer of security to your device.
Through app identification and standardization, you can effectively reduce the chances of a free app taking your users' data. Like software asset management, there needs to be a proactive approach to application management. A user should feel safe in the knowledge that personal data on their device is safe and secure, and that any corporate data will not leak out into the wrong hands (like competitors or cold-callers).
Standardization of mobile apps will significantly reduce the amount of potentially damaging free applications that has the ability to open your user’s data to the world. Incorporating a standard list of mobile applications is something that needs consideration when defining a mobile strategy.
I recently published a blog post providing useful hints and tips on how to determine your mobile strategy.
Alan Giles is Business Unit Manager for Mobility at Snow Software in the UK and an experienced Enterprise Mobility Management (EMM) expert.