Apps passed the test if researchers couldn't find the data or found that the stored data was encrypted. Apps in the middle, where researchers found data but felt that the data collected didn't pose much of a risk, were given a "warn" rating.
As you would probably guess, social networking apps were the worst offenders. viaForensics tested 19 social networking apps, and 14 of them failed. The remaining ones all received "warn" ratings.
The failing apps didn't just fail to encrypt data, often storing it in clear text; many also stored passwords in plain text and stored, and potentially exposed, other sensitive data that could easily be used for identity theft.
The only apps that did reasonably well were the financial ones -- where security is obviously at a premium. Only 8 out of 32 financial apps failed.
Appthority found that the passage of a year did little to bolster the security of mobile apps. Appthority recently studied the top 50 free apps on iOS and Android and found that 96% of iOS apps and 84% of Android apps have the ability to access sensitive information, such as contact information, calendar details or physical location, from the device.
Gaming apps were the worst offenders, but many apps dubbed "business" apps also accessed things like address books, and the majority of them connected to an ad network and served up behavioral analytics to that network.
Is it any wonder that entire industries are developing their own app storefronts?
Risks Arise as Work Lives and Home Lives Blend
The blending of work life with home life presents its own set of risks. "From a technology perspective, it's difficult to separate employees' personal lives from their professional lives, and vice versa. The traditional 9 a.m. to 5 p.m. work day is disappearing and more and more people are working whenever and wherever they want. This means that they might be answering work emails at 10:30 at night," said Dave Snow, CMO for Xigo, a provider of EMM software solutions.
This also means that a lot of important work info will be taken home and transferred to a different device. If a user backs up a phone (with contact lists, emails and other sensitive data) to a home PC, malware on the PC could expose the organization. It could even provide a backdoor into the organization if identity credentials are compromised. If a hacker on the other end of a keylogger finds out you work for a Fortune 500 company and that you favor the password "Wolfgang2012," you'd better believe that the next thing he'll try to do is access your corporate network.