Bible apps steal data
Proofpoint experts have studied a large number of apps available in the iOS and Android app stores. They have quantified the risk these apps pose to their users.
The main findings of the study are:
Proofpoint-Experts have analyzed 38,000 mobile apps from the categories of gambling, flashlights and Holy Scripture and found that their appearance cannot be trusted. An alarming number of apps steal data, track the user's location, access contacts, and even make unauthorized calls.
Bible apps contained a comparatively high percentage of malicious code, topping all categories at 3.7%, or 26 out of 5,600 apps. Malicious code, according to Proofpoint, is defined as code that attempts to exploit the mobile operating system to access data and services for which it does not have permission.
Of the 23,000 gambling apps examined, nearly 14% exhibited risky behavior, such as alarmingly extensive communication with external servers. In total, user data went to more than 1,800 servers in 41 countries.
The investigation found that one of the most popular Bible apps sends data to 16 servers in three different countries. It reads users' SMS messages, address book, device and phone data, tries to interact with other apps when the device is rooted, and can even make phone calls.
Similar analyses were performed in Quran apps, and it was found that one of the ten most downloaded apps is clearly Riskware. It installs itself as a boot app and communicates with 31 different servers, reads SMS messages, sends messages from the user and can track his GPS location.
Even something as seemingly ordinary as a flashlight app can host malicious code and send user data to the app's owners. Of the 5,600 apps examined, more than 678 servers in 28 countries were actively receiving data from these apps.
The existence - and surprisingly widespread presence - of riskware in seemingly legitimate apps is a stark wake-up call that organizations need a mobile app security strategy. Organizations should define policies and deploy solutions to identify and control these apps before they become security threats.
Companies should define guidelines
"When it comes to malicious apps, nothing seems sacred. The alarmingly widespread presence of riskware in religious scripture apps is further proof that mobile users - and their employers - need to be much more security conscious. The research findings are also a serious reminder of how important a mobile app security strategy is for businesses. To protect employees and users from unscrupulous spammers and hackers - and riskware and malicious apps in general - companies should define policies and deploy solutions to identify and control these apps before they become a security threat."
Text: Kevin Epstein, Threat Operations at Proofpoint; his detailed blog post "Is nothing sacred? Risky mobile apps steal data and spy on users" is here to find.
