Blog

Rahul Thadani
Enterprise Security: Mobile ad libraries pose new security threats
June 4, 2014

A new threat to enterprise security that many organizations neglect and fail to address effectively is that of mobile advertising networks. These ad libraries are freely used by mobile developers to track user behavior patterns and to generate ad revenue. However, the increased usage of smartphones and tablets by employees poses a major security threat for enterprises. This is a security risk that they have never dealt with before and it brings with it a host of new problems that need specialized solutions and compliance policies.

Fotolia_64244752_Subscription_Monthly_M1

Some of the most popular ad networks that operate today are AdMob and Flurry and these cater to millions of devices across the globe. However, these companies regularly ‘leak’ private information of mobile users. This information consists of, but is not restricted to, installed apps, geolocation data, pin codes, mobile device ID information, contact lists, SMS history and call logs. It has been found that almost two-thirds of apps that are installed on a device regularly try to contact such a network.

These threats are undoubtedly a risk for home users. However, there are several antivirus and security solutions available for home users to combat these threats. But when it comes to enterprise users, the value of such data becomes higher as there is not just an individual’s privacy at stake. Other assets like company resources and confidential information is also on the line so such threats should not be underestimated.

The biggest issue with respect to these ad threats is that of transparency. It is not clear which apps are causing the most data leakage so it becomes hard to regulate this risk. As a result, mobile users can never be sure about who exactly is getting access to their information and from what channel. In order to safeguard sensitive data, it becomes vital for businesses to keep an eye on these ad libraries and regulate them efficiently.

Some simple math here shows how dangerous this threat really is. On an average, a mobile user installs around 200 apps on his smartphone. Each app requires around 9 permissions on an average. So, one single user grants around 1,800 permissions through his smartphone. Now multiply that with the number of employees an organization has and the risk becomes catastrophic. An organization that employs around 500 employees has to deal with 900,000 unregulated permissions. An organization with 1,000 employees has 1.8 million permissions to contend with, and so on. The larger an organization, the higher the number.

So what are the possible workarounds for enterprises to tackle this threat? Here are some suggestions that we have for your enterprise network.

  1. Regulate the devices that your employees bring to the enterprise.
  2. Regulate the apps that they install on the devices they use for official data and tasks.
  3. If possible, create in-house apps and services to ensure the safety of these devices.
  4. Practice containerization. This refers to the creation of walls between the various apps on a device so that the data that one app collects cannot be shared with another app.
  5. Create awareness and knowledge training about the dangers of mobile apps to organizational data.

Several new age threats that organizations never knew about earlier are now freely circulating and the common factor behind most of these enterprise security risks is that human usage and error leads to most security breaches. Mobile apps cannot be removed completely, so it is very important for organizations to figure out effective methods to regulate them so as to safeguard their data.

Have something to add to this story? Share it in the comments.

Rahul Thadani
About Rahul Thadani
Rahul is a web enthusiast and blogger, and has been writing about the computer security industry for the last three years. Following the latest technology trends,...
Articles by Rahul Thadani »

No Comments, Be The First!

Your email address will not be published.

CAPTCHA Image