Welcome to the App Jungle

The jungle is a hostile environment. Predators lurk at every turn. Most of the predators, in turn, are prey for those higher up the food chain. The chances of offspring reaching maturity are small. No wonder the corporate world has been likened to a jungle at times.

The same analogy can now be used in the wild world of applications. There are now apps for everything. The phone company, the fast food joint, the condo association – they all want you to download and use their apps. Anytime you go to a trade show, there is a trade show app to download. When you do business with a new client, there are typically several apps needed to take care of billing, project management, and collaboration. A tropical rain forest of apps of Amazonian proportions has emerged.

Apps Let the Bad Guys In

Data removal company Incogni analyzed 1,000 of the top apps in the Google Play Store. It included both paid and unpaid apps. The results were surprising.

  • 55 shared data with third parties.
  • The free apps were especially bad, sharing seven times more data points than paid apps.
  • Shopping apps came out badly, sharing an average of 5.72 data points.
  • Social media apps, too, were problematic. They collect 19.18 data points; they say they share only 3 of them, but it is likely to be more.

It gets worse from the standpoint of security:

  • Less than 50% state that their data is encrypted in transit. However, the number is probably more – only 5% of apps admit openly that they don’t encrypt data in transit. Expect that to be the case among far more of them.
  • Less than 1% go through an independent security review, meaning that 99% have no external checkpoint to catch weak security or privacy practices.
  • Shockingly, 6 out of 10 apps don’t provide any way for a user to request data removal, and 10% make it clear that any personal data collected cannot be deleted.

In other words, welcome to the jungle!

Dealing with the App Jungle

The state of the current app jungle should be a cause for deep concern among IT and security professionals. Think about the number of devices that each user has – PCs, desktops, tablets, and smartphones. On many of these, the user can download whatever they please. Even if corporate laptops are locked down via administrative privileges that prevent unsanctioned downloads, it is almost impossible to completely block the presence of the app jungle.

Bring Your Own Device (BYOD) practices that allow employees to work from home are commonplace. The device owners have the right to pick and choose the apps they wish. Even if the laptops are owned by the corporation, smartphones are overwhelmingly the personal devices of employees. Any attempt to enforce corporate policy on these is doomed to failure.

Some businesses send employees smartphones for business use. That doesn’t solve the problem. Few employees will put up with complete control of their phone by corporate IT. They will either find a workaround, convince someone to give them admin rights to that phone, or have another phone for personal use. All it takes is for that personal smartphone to get infected, and the disease can spread from personal phone to corporate smartphone to laptop and hop into the corporate network. Data, after all, will be swapped from one device to another. There is no avoiding this. The jungle is never going to be far away, no matter what policies and safeguards are in place.

