
HP Enterprise Uncovers Dangers Of Data Collection In Mobile Applications

Source: Hewlett Packard Enterprise

How much of your personal information are you disclosing by using third-party apps on your mobile device? Hewlett Packard Enterprise (HPE) revealed the results of an in-depth study on the data access and privacy concerns that plague apps for both iOS and Android. The HPE Mobile Application Security Report 2016, whose findings were released in conjunction with the RSA security conference, looked at more than 36,000 apps across a wide range of categories. The report highlights widespread overreach by applications that gather data about whom you’re meeting with and exactly where you and your children live, work and go to school.

These results were gathered using the HPE Security Fortify on Demand tool, which scans mobile applications for security risks and vulnerabilities. One feature of this tool, Fortify Scan Analytics, applies machine-learning technology to historical application security scan results, allowing a more focused scan of areas that have previously been pain points in an application’s security.

Recurring problems found during the analysis included applications that accessed data unrelated to their use, created unnecessary log files, and relied on advertising and analytics frameworks.

When applications access data that is unrelated to the application, it can provide the developers with personal and private information. While a weather application or a traffic application needs to access your location to provide its main functionality, most other apps do not. Likewise, a weather app that does make use of your location to give you accurate weather information should not need access to your calendar information.

Log files are another common security risk. Hugely important for tracking down bugs and developing software that is reliable, log files provide a detailed accounting of what goes on inside the application. However, once the application is no longer in development and has been released, those log files can present a target that is rich with information about the app owner.

Ad and analytics frameworks provide an easy way to monetize an application and get data back on who is using it, how often, and what happens when they do. However, it’s important for both application developers and app customers to understand that these analytics frameworks provide a gateway into the mobile device, and neither the owner of the phone nor the developer of the app has any control over the code of the frameworks that the app is using.

“Modern mobile applications are collecting, transmitting and storing a wide range of data that often is not necessary to the application’s function, and can cause significant financial and reputation damage if a vulnerability is exploited,” said Jason Schmitt, vice president and general manager, HPE Security Fortify at Hewlett Packard Enterprise. “With attackers’ growing interest in mobile, it’s critical that developers build security into applications from the onset, and organizations take a proactive approach to data security to better protect both personal and corporate data.”

If you’re wondering whether the applications on your phone are accessing and storing too much data about you, you’re not alone. You can limit some of that access by revoking apps’ access to content areas that they don’t need. Be vigilant when installing apps and do not assume that an app is only asking for access that it requires to function. And finally, be wary of apps that store large amounts of data.