Appthority: Top Blacklisted iOS & Android Apps

This brief article from Help Net Security, “Top blacklisted Android and iOS apps by enterprises,” caught my eye this morning. The piece highlights a portion of the data from the new Appthority 3Q ’17 Enterprise Mobile Security Pulse Report, which you can download for free.

The Help Net Security article cites the apps blacklisted by enterprises for iOS and for Android, their “Risk Score” and the “Risk Driver.” IT professionals should take note, not only of the blacklisted apps but of the associated risks.

[Figure: Appthority 3Q17 top 10 blacklisted iOS apps]

[Figure: Appthority 3Q17 top 10 blacklisted Android apps]

A few observations:

  • iOS App Risk Drivers are related to data leakage: sending contacts, sending SMS, sending sensitive data
  • Android Risk Drivers were mainly due to malware
  • Riskiest iOS Apps: Facebook, Pandora, Yelp
  • Riskiest Android Apps: Uber, WhatsApp Messenger, Facebook Messenger

There is plenty of food for thought in just this data – know your apps.

From our perspective at Mobile Helix, this data illustrates one of the reasons why a secure container approach is critical for protecting your enterprise data.

I recommend that you download the full report from Appthority. It’s full of interesting data.

–Maureen

Mobile App Blacklisting – An Exercise in Futility

The theory goes something like this. Mobile apps are the unregulated Wild West. Users are unable to make informed choices about which apps are “safe” and “appropriate” for work and therefore cannot be trusted. IT must assume the worst and create a “blacklist” [1] of risky applications that cannot be downloaded to any personal mobile device “approved” for work. This ensures the enterprise remains safe and free from infection while allowing employees to work using personal mobile devices. IT can sleep easier at night, employees are happy. Well, not really…

The App Store had 1.3 million applications available for download in September 2014 [2]. This number is growing rapidly, from 1 million in October 2013. Then there is the Google Play store, the Windows store and others. How in practice can the IT team of any average company stay current on this vast app offering, blessing the good and weeding out the bad apples? Well, they cannot. As fast as IT blacklists, enticing new apps appear. IT has no choice but to blacklist indiscriminately, preventing employees from using many powerful and completely benign mobile apps to do their jobs. An exercise in futility indeed. So, is app blacklisting worth the considerable effort required to implement and enforce?

Not only is app blacklisting an exercise in futility, it is also directly contrary to the compelling reasons to embrace enterprise mobility in the first place. Recent research from Citrix [3] shows that two of the five most commonly blacklisted mobile apps are Dropbox (for file access and sharing) and personal email. Does blacklisting Dropbox and personal email access help or hinder the enterprise?

Employees need access to their enterprise files to work. Accessing personal email on a personal mobile device is a critical need. Why are users downloading Dropbox and personal email to their personal mobile devices? Is it so they can maliciously infect enterprise networks and threaten sensitive corporate data or is it so they can work more and be more productive in their personal time while outside the office? The answer is pretty obvious.

The majority of employees are motivated by good. They want to work as productively and effectively as possible. They want to use their down-time efficiently and get work done. This is why they are willing to use personal mobile devices that they purchase and pay for themselves to do so.

Blacklisting is a brute force approach that provides a false sense of security for IT. Blacklisting penalizes the most committed and valuable workers, punishing them for wanting to be more productive using their own personal mobile device. Something is very wrong here.

We have written previously about the “Legal Mobility Disconnect”. App blacklisting contributes to this significant productivity gap. The answer is for IT to lead and provide users with the mobile tools they need to do their job and get work done. This starts with file access and email. These IT-provided solutions must be intuitive and easy to use. They must be secure and they must be readily available without imposing unreasonable restrictions on personal mobile device use outside of work.

If this post resonates, please explore Link by Mobile Helix and see if it offers you an alternative and more practical path to sustained, secure enterprise productivity. For those who remain unconvinced and plan to continue blacklisting, then you may want to read about Sisyphus [4], who was engaged in a similar exercise in futility thousands of years ago – in his case for eternity.

We would love to hear what you think so please let us know.

– Matt

Notes and Links:

1. What is Application Blacklisting?
2. Statista App Store Statistics.
3. Citrix Mobile Analytics Report – February 2015.
4. The Myth of Sisyphus.