Appthority has released it Enterprise Mobile Threat Update for Q3 2016, which provides insight into the mobile threat landscape over the last quarter.
Appthority’s Enterprise Mobile Threat Team monitors and researches the latest mobile risks that are direct threats to the enterprise. The data is compiled into the quarterly Enterprise Mobile Threat Update, aimed at providing in-depth analysis of the top enterprise mobile threats for IT mobility & security teams.
In the Q3 Update, Appthority reviews two major vulnerability types surfacing in Android apps - autorooting and overlay malware, offers analysis on whether Apple’s faster app review times have coincided with vulnerabilities the Apple App Store starting experiencing last summer, and assesses the new Android permissions model to see if apps are getting safer with its more granular runtime permissions.
Key highlights from the report include:
- Godless, LevelDropper, and Overlay have recently surfaced in the Google Play Store, all in the month June. These types of mobile vulnerabilities can have adverse effects on the enterprise, including decreased employee productivity and weakened data security.
- Faster Apple app review times have not been accompanied by enhanced security vetting. Apps with malware and security vulnerabilities continue to surface in the Apple App Store as well as the Google Play Store.
- In apps tracked in Appthority’s enterprise database, nearly half of the 24 permissions labeled “dangerous” saw a net reduction with Android’s new permission model. Thus, the new permission model is progress for app security, there is more that can be done to help users protect their privacy and their data. Appthority suggests taking additional steps such as requiring developers to always state why a certain permission is being requested, including an explanation of how the app would make use of the information, and further increasing the granularity of permissions to narrow the sensitive data being accessed by each permission.