Security

March Madness Apps May Be Accessing Your Data

Tuesday, March 15, 2016

In its mobile app risk assessment report “March Madness or April Foods” Flexera Software highlighted BYOD security issues by analyzing the annual March Madness craze as employees are using apps on their corporate and BYOD devices to stream content, complete brackets and track March Madness activities.

The report focused on what data these apps access, what device features they can interact with and could these apps pose a potential security risk to organizations or violate their BYOD policies. The report examined 28 popular media and sporting apps that are available in the Apple App Store to assess them for potential BYOD risk to organizations.

The apps tested were: Breaking!, CBS Sports, Daily Bracket, DIRECTV, DISH, DraftKings, ESPN, fanatic, FanDuel, FantasyFootball, MarchMadnessLive, Rotoworld, SeatGeek, Yahoo Sportacular, Sports Feed, Sportsmanias, StubHub, SXMLiveAudioPlayer, Team Stream, theScore, Thuuz, TournamentChallenge, TuneIn Radio, Twitter, Watch TBS, Watch TNT, WatchESPN, and XPlay.

Among the reports findings were:

- 79 percent, including CBS Sports, Dish and Tournament Challenge are capable of accessing the device’s location tracking functionality.

- 71 percent, including CBS Sports, Daily Bracket and March Madness Live are capable of accessing and sharing data with social networking sites connected to the device.

- 68 percent, including ESPN, Sports Feed and Twitter can access the device’s SMS texting functionality.

- 61 percent, including CBS Sports, ESPN and March Madness Live can access the device’s calendar.