“1 in 50 iOS Apps Is Leaking Data to Third Parties,” Security Report Reveals
iOS is considered the most secure mobile operating system out there. While this isn't totally untrue considering how other options (read: Android) get delayed security updates, it also creates a false notion of security for iOS users. The operating system is still open to security threats as has been reported by several analyses by security researchers that come to the front so very often.
One latest report notes that while the insecurities of Android are well documented, iOS doesn't get that much attention in the press. 1 in 50 iOS apps used in enterprise environments could potentially leak sensitive data, according to this latest report by Zimperium, a security company that offers next generation machine learning endpoint protection for mobile devices.
"This is a significant concern to enterprises since 1 of 50 apps is potentially leaking data to third parties," the report says.
"Enterprises have no way to detect this type of risk unless they are scanning apps for security or privacy issues. Through deep analysis, Zimperium researchers found the 1101 apps downloaded over 50 million times. Companies and individuals should be concerned if these iOS apps are on their devices and inside of their networks."
The Global Threat Report Q2-2017 [PDF] covers the second quarter of the year from April 1 to June 30, 2017. The company added that it focused on enterprise data leaks because criminal hackers mostly invest their capabilities on getting access to enterprise data via mobile phones thanks to least resistance. This could be done using malicious apps, using unpatched vulnerabilities or unprotected networks to launch man in the middle attacks.
Problem seems to be escalating as more businesses offer on-the-go data access to their employees
It is no surprise that criminals have started to focus their abilities on hacking into mobile platforms as more users adopt the smaller screens. While we aren't yet replacing the traditional PCs with mobile phones, a number of jobs in an enterprise environment are done using a mobile phone.
The number of people using the mobile phones has "continually increased every quarter since users prefer the ease of use and the flexibility to work wherever, whenever via their iOS- based and Android-based smartphones," the report said. "As a result, personal and business data (e.g., emails, contacts, calendars, documents, photos, credentials) on mobile devices are exposed to threats now, more than ever."
It warned that cyber criminals are "more likely to take the path of least resistance and enterprise data is most vulnerable via mobile devices since most of time spent is away from secure networks, on public Wi-Fi and on apps that IT and security do not control or administer."
It is not to suggest if Android is more secure or if iOS lacks security measures. The latest report only adds to the already available data that more and more cyber criminals are now focusing on iOS thanks to the increased enterprise adoption of the mobile operating system. Whether you are on Windows, Android, iOS, macOS, Chrome OS, or any other operating system - be cautious of the publicly known attack vectors like unprotected WiFi networks and apps from unknown developers.