Courtesy navigation

The business risks of smart phone apps

The business risks of smart phone apps

November 12, 2012 by Paul Ridden

The business risks of smart phone appsSmart phone applications could pose a significant threat to your company’s IT system in terms of security, availability or mobile data costs if left unchecked.

In a worst-case scenario, valuable and sensitive data could be at risk if you allow employees to download and install apps at will to their personal and work devices.

Read the terms and conditions

While smart phone settings can vary from device to device, all potentially leave a company open to abuse. Every time you install an app, it's important to check what resources and data the app is requesting permission to use.

At some point, everyone has skipped through lengthy terms and conditions to save time. It's these terms and conditions which often explain what data the app will use and how it will use it - so not reading them could mean unwittingly giving an app control over sensitive data, or even the phone itself.

Although an app may appear to be a harmless game or a useful productivity tool, there is nothing to stop it from including code to send a text message, make a phone call or even read data stored on the phone and upload it to an external server.

Minimise app risks

To minimise these risks, your business and its employees should consider some simple steps:

  • Only use apps from credible sources. Check the app's website to see who created it. Search online for the name to see if anyone else has reported problems with it.
  • Ask if you really need each app. The fewer new apps you install, the lower the risk.
  • Check the developer behind the app. Are they established and trustworthy? Do they have something to lose?
  • Check what permissions the app is asking for. Are these what you'd expect? For instance, a collaboration tool might need access to the phone functions or the internet, but would a standalone game?
  • If in doubt, say no to the download or modify the permissions (if you can) to only let it access the features you'd expect it to need.
  • If you are unsure about anything, seek advice from someone who knows what it all means - such as your IT manager, your IT supplier or an expert.

How sure can you be that a company promoting an app has not included hidden features or a developer has not included some malicious code? Software vendors with a track record of delivering solutions to businesses generally have the development disciplines in place to protect you from these risks, so beware the unproven startup or one man band developer.

Smart phone apps are extremely attractive, but it’s important not to forget that under the veneer of simplicity, IT is extremely complex. Your systems can be manipulated by people who understand that complexity, if they are left unchecked.

Paul Ridden is Managing Director of Skillweb, a privately owned, UK based business that provides technology solutions designed to help organisations manage their mobile workforces and track the movement of their goods.

Comments

The mobile ecosystem presents developers with both challenges and opportunities.  Before getting into the nuts and bolts of data security, consider the landscape:

Make someone responsible for security.

Take stock of the data you collect and retain.

Understand differences between mobile platforms.

Don’t rely on a platform alone to protect your users.

Generate credentials securely.

Use transit encryption for usernames, passwords, and other important data.

Protect your servers, too.

Don’t store passwords in plain text.

You’re not done once you release your app.  Stay aware and communicate with your users.

Add a comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <p>
  • Lines and paragraphs break automatically.
  • Links to specified hosts will have a rel="nofollow" added to them.

When you click 'Register' to create a new account, you accept our terms of service and privacy policy