(Editor’s Note) Updated October 6, 2017: In response to this story, WinZip contacted ZDNet: “WinZip does not send SMS messages. We aren’t aware of any valid reason why Appthority would consider WinZip for iOS a security risk.”
WhatsApp Messenger, WinZip, and Where’s My Droid Pro have made the list for the most blacklisted iOS and Android apps in enterprise environments.
On Tuesday, mobile security firm Appthority launched the latest Enterprise Mobile Security Pulse Report, a glimpse into how enterprise players tackle mobile security and network threats by banning apps considered to be a threat from accessing corporate resources and platforms.
Corporations can blacklist mobile applications for a variety of reasons. Known security holes and vulnerabilities or ways for confidential information to be leaked, a lack of secure communication and encryption, and links to threat actors or countries known for spying campaigns can all be reasons for barring an app on corporate devices, alongside compliance issues.
However, in the age of bring your own device (BYOD) schemes and corporate-owned, personally enabled (COPE) platforms, it is not always possible to prevent app installation. IT admins can at least prevent these applications from connecting to their networks.
According to Appthority, in Q3 2017, WhatsApp Messenger, Pokémon GO, and WinZip were the top blacklisted apps for iOS, together with CamScanner. Poot-debug(W100).apk, an Android System Theme, Where’s My Droid Pro, and weather software were the apps most likely to be banned on Android devices.
WinZip told ZDNet:
“We believe WinZip for iOS has been included in error. WinZip does not send SMS messages. We aren’t aware of any valid reason why Appthority would consider WinZip for iOS a security risk.
WinZip software is very popular with enterprise accounts and security is our top priority. We have asked Appthority for any further details they can provide us and if a valid security issue has been identified in our iOS app, we want our users to rest assured that we’ll take action to fix it as soon as possible.”
The report suggests that Android apps were usually blacklisted because malware was detected, and iOS apps were most likely to be banned due to data leakage risks, sending SMS messages — not necessarily with consent — or transferring data including GPS locations and sensitive information without encryption.
As a whole, tools for Android devices were banned most often, while social media and communication apps for iOS were treated with suspicion.
Appthority says that based on “mobile risk scores” related to vulnerabilities and the risk of data leaks, Uber, WhatsApp Messenger, and Facebook Messenger are the riskiest Android apps commonly found in enterprise environments.
On the iOS platform, Facebook, Pandora, and Yelp are the most likely to cause a security breach.
“Enterprise security teams need to understand which mobile apps are being used, the risks they bring, and how their peers are utilizing mobile threat policies to more effectively secure corporate data,” said Domingo Guerra, president of Appthority. “With BYOD and COPE, many commonly used app-store approved apps are making their way into enterprises and posing risks to sensitive corporate data.”
In July, Trend Micro and VMware announced a new partnership to tackle enterprise mobile security issues. The companies plan to create new solutions which will automatically detect and tackle mobile threats on corporate networks.