You don’t have to search far for apps that will help you do your job better and make life easier. The challenge is finding third-party apps that adhere to your agency’s security policies and won’t track your location without your knowledge or access unauthorized data.
Those apps are few and far between, according to new data released by Gartner. The IT research firm says more than 75 percent of mobile applications will fail basic security tests through 2015, leaving them exposed to attacks and violations of enterprise security policies. It doesn’t help that more than 90 percent of enterprise bring-your-own-device programs use third-party apps, most of which are insecure. And organizations lack the expertise to handle mobile app security.
“Most enterprises are inexperienced in mobile application security,” Dionisio Zumerle, principal research analyst at Gartner, said in a news release. “Even when application security testing is undertaken, it is often done casually by developers who are mostly concerned with the functionality of applications, not their security.”
Instead, organizations should be focused on data protection and application containment solutions, such as application “wrapping, software development kits or hardening,” Gartner recommended in the release.
An August report by McAfee Labs found that total mobile malware rose 17 percent in the second quarter to about 4.5 million samples. The number of new mobile malware samples dipped slightly to a little less than 700,000.
Vendors often use static application security testing and dynamic application security testing to detect malicious apps, Gartner explained. And a new type of test provides behavioral analysis. The testing technology monitors applications while they’re open to identify any malicious or risky background behavior, such as accessing contact lists or initiating data transmissions to an external IP address.
In the future, misconfigured mobile apps will be the source of many breaches, according to Gartner. It predicted “75 percent of mobile security breaches will be the result of mobile application misconfigurations, rather than the outcome of deeply technical attacks on mobile devices,” through 2017.