PRADEO Security Systems

April 2013

White Paper

Mobile App Security: Revelations on the Real Threats


Supporting Figures & Examples

Preface

This white paper offers, as of the publication date, PRADEO's point of view regarding the various issues that are discussed. Based on automated analysis results, it cannot be considered a comprehensive document or as having contractual value with regard to PRADEO. The information included in the white paper is provided for reference only, and PRADEO does not make any warranty of any kind regarding this information. Therefore, PRADEO may not be liable under any circumstances in case of omission, mistake or imprecision. This white paper, property of PRADEO, cannot be reproduced, stored, or transmitted, for any purpose, in any form or by any means (electronic or mechanical, including photocopying and recording) without previous written authorization of PRADEO. Any representation or complete or partial reproduction of this white paper, made without the approval of PRADEO, is illicit. Such a representation or reproduction, by whatever process, would therefore constitute counterfeit punishable under articles L 335 1 and following of the Intellectual Property Code and an infringement of PRADEO rights.
© 2013 Pradeo Security Systems. All rights reserved.

Pradeo 2013 The reproduction of this document is strictly forbidden without previous written authorization CONFIDENTIAL APRIL 2013

Contents

1 Summary
2 Overall Situation of the Mobile App Market
  2.1 Mobile Apps Dedicated to the Consumer Market
    2.1.1 Current Context
    2.1.2 Issue #1: Consumer Security Control
    2.1.3 Solution
    2.1.4 Issue #2: Control of the "Critical" Apps Security
    2.1.5 Solution
  2.2 Mobile Apps Within Companies
    2.2.1 Current Context
    2.2.2 Issue: Control of the Risks Associated with the Companies' Application Fleet
    2.2.3 Solution
  2.3 Summary
3 Results Analysis Method
4 Mobile App Security on iOS and Android: Specific & Detailed Figures
  4.1 General Criteria
    4.1.1 Distribution of the "Safe" and "Risky" Applications on Android & iOS
    4.1.2 Distribution of the "Safe" and "Risky" Native Applications on Android
    4.1.3 Distribution of the Threats by Apps Category on Android & iOS
    4.1.4 Top 10 & Distribution of "Risky" Apps Publishers
    4.1.5 Geographical Distribution of the Attackers with the Highest "Risky" Apps' Rate
  4.2 Detailed Criteria
5 Extracts of the Most Downloaded Apps' Security Reports
  5.1 The Good Students
  5.2 Lack of Transparency
  5.3 The Bad Students
6 Conclusion
7 About PRADEO
References


1. Summary


Mobile app security is increasingly called into question around the world. The FTC in the United States and the European CNIL, for instance, have made privacy protection in mobile apps a priority. If the challenges seem major for the consumer market, they are even more significant for companies with specific security policies.

The purpose of this white paper is to reveal the current state of mobile app security in the world. After reviewing the overall situation of the mobile app market and the major security issues associated with apps dedicated to companies and to the consumer market, you will discover the key figures related to mobile app threats, along with:

- The security level of the mobile apps present on app stores: are the apps present on Google Play and in the App Store really secured?
- The security level of the mobile apps provided by telecom operators and device manufacturers: can we trust the apps provided with our Smartphone or tablet?
- The distribution of threats per apps category: to what extent do the most downloaded apps present a danger for consumers?
- The top 10 of the malicious apps publishers: who are the most virulent publishers of malicious apps?
- The 15 countries with the highest threat level throughout the world: where does the highest number of threats come from?
- The distribution of the identified types of attacks: what kind of actions do the threatening apps perform and to what extent?

Through these figures, you will discover the challenges associated with mobile app security for consumers and private users.


2. Overall Situation of the Mobile App Market


The aim of this chapter is to highlight the weight of mobile apps in the world in order to better understand the threats directed at consumers. These threats, based on PRADEO analyses, are detailed in chapter 4.

The mobile app market has the wind in its sails: it is expected to grow from 6.4 billion Euros in 2012 to 14.1 billion Euros by 2017 (source: Berg Insight, February 2013 [1]). In 2012, mobile app downloads averaged 88,000 per minute. In 2013, 155,000 downloads per minute are expected, compared with 589,000 downloads per minute by 2016 (source: Gartner, September 2012 [2]).

[Figure: Number of app downloads (billions). Source: Gartner, September 2012 [2]]

The estimates for the 1st quarter of 2013 show that the gap tends to tighten between iOS and Android in the mobile apps download race, despite a clear advantage for iOS. There are around 800,000 applications in the App Store and almost the same number on Google Play. For its part, the Windows Phone Store has more than 135,000 available applications (source: Microsoft, April 2013 [3]). Among the downloaded apps, free apps remain very common and accounted for 89% of the total in 2012 compared with the 90% expected in 2013.

| Q1 2013 | iOS (App Store) | Android (Google Play) | Windows Phone Store |
|---|---|---|---|
| Apps in the official store | > 800 000 | > 800 000 | 135 000 |
| Apps downloads (Bns) | 40 | 25 | - |

(Sources: Gartner, September 2012 [2]; Microsoft, April 2013 [3]; The Sociable VentureBeat, January 2013 [4]; Apple, January 2013 [5])


2.1 Mobile Apps Dedicated to the Consumer Market

2.1.1 Current Context


More and more mobile apps dedicated to the consumer market handle very critical data, especially with the increase of mobile apps used for the banking field, the healthcare sector, or even for social networks, etc.

2.1.2 Issue #1: Consumer security control


How can you be sure that all the apps put at the disposal of the consumer market are secured? Do they represent a threat regarding privacy? Do they generate any financial losses? Are they secured for the hosting Smartphones or tablets?

2.1.3 Solution
Mobile app security must be ensured before any app is put at the disposal of consumers, either at the app store level or directly on the final users' devices. Moreover, the security reports of Google Play and the App Store are still very insufficient, as the Chapter 4 figures attest. Application providers must therefore be capable of accurately determining the behavior of all the apps they put at the disposal of consumers. The mass of apps distributed clearly rules out any manual review, so the audit process that evaluates the apps' security level must be automated.

2.1.4 Issue #2: Control of the "critical" apps security

Are critical apps (banking, health, etc.) executed in a safe environment? How can you be sure that the other apps present on the hosting device are not able to retrieve the consumer's critical data while the critical application is being executed?

2.1.5 Solution
The security of consumers' critical apps focuses on the following three points:
1/ Privacy respect (data theft, etc.)
2/ Financial losses (banking data retrieval...)
3/ Device security (virus...)


The danger does not only come from the application handling critical data, but also from the other apps already present on the consumer's device, which may be able to violate one of the three points above while the critical app is being executed. The security of these critical applications must therefore be ensured by their publishers, who should be able to control the execution conditions of their app according to the security level of their clients' devices. Critical apps must then be able to determine the behavior of each of the apps present on their clients' devices in order to automatically allow or refuse their own execution.

2.2 Mobile Applications Within Companies


2.2.1 Current Context
The number of mobile apps has significantly increased within companies. This trend is due to the growth of corporate app stores and business apps (applications developed for internal use). Their average security level is given in chapter 4. This phenomenon is also due to the BYOD (Bring Your Own Device) trend, which makes the integration of personal applications into information systems easier. This growth within companies increases the security risks that Safety Officers do their best to control within their information system, mostly through MAM (Mobile Application Management) tools that manage the approval / removal of apps in the application fleet. They also create their own application stores to manage the apps put at the disposal of their staff.

2.2.2 Issue: Control of the risks associated with the companies' application fleet
How do you manage the risks associated with an application fleet within a company's information system? How can you satisfy the users' needs while more and more apps keep being downloaded?

2.2.3 Solution
To control mobile app security, a management tool (MAM) is essential but not enough, since such a tool manages the deployment of apps without being aware of the security level of each app. It is therefore necessary for companies, before any deployment, to define an application security policy and to make sure that each app is compliant with this policy before being deployed. To do so, companies must be able to determine the behavior of all the apps present on their information system. Since the number of apps within large companies is often considerable, they cannot manually check the behavior of their apps one by one against their security policy before each deployment. To manage the security of all their mobile apps, companies will inevitably have to use automated processes.


2.3 Summary
Through these observations, it becomes apparent that, in order to address mobile app security, the behavior of each mobile app must be evaluated before any deployment or before the app is put at the disposal of the final consumer (private or corporate). Nowadays, consulting groups focusing on security are mandated to carry out security audits of mobile apps.

Advantages of the manual audit:
- Evaluate exactly the threats associated with each app
- Take the right action (approval / removal / deployment)

Limits of such an audit:
- Oriented audit (groups usually focus on the main need expressed by a client)
- Expensive
- Long
- Consulting groups are only able to analyze a few apps

Given the public mobile app market dedicated to companies and to the consumer market, the large number of mobile apps makes security hard to manage. To face this problem, it is necessary to automate the mobile app security management processes.


3. Results Analysis Method


The 4th chapter of this White Paper lifts the veil on all the detailed figures related to the security of mobile apps. For this paper, the apps sample consisted of public applications (downloaded by the consumer market) and business applications (developed by companies). The results obtained from this study are based on the complete analyses of the mobile apps' behavior carried out by PRADEO's behavioral analysis engine: Trust Revealing.

Trust Revealing is a behavioral analysis engine dedicated to mobile applications. For a given mobile application, Trust Revealing is able to reveal all the actions performed by that application: automated SMS sending, initiating phone calls, connections to malicious servers, retrieval of data from a user's agenda or list of contacts, etc. Through this analysis, the engine enables users to get a complete security audit.

This engine, developed by the PRADEO R&D team, is the only solution in the world capable of carrying out a behavioral analysis of today's mass of applications.

These results emphasized the security level of the different categories of actions performed by any Android or iOS mobile app. The damaging or potentially damaging actions performed by the mobile apps analyzed by Trust Revealing are detailed and categorized into 3 essential aspects:
- Privacy
- Financial Losses
- Device Security

Privacy
- Data theft (SMS/MMS, photos-videos, files)
- Phone number retrieval
- Contact list retrieval
- Call history theft
- Passwords or account retrieval
- Material information retrieval (IMEI, serial number, etc.)
- Information retrieval about the user's network connection
- Geo-location information retrieval (other than Google Maps or Maps)

Financial Losses
- Sending of SMS/MMS to premium-rate numbers
- Automated calls to premium-rate numbers
- Unsecured payment connections (nb of unsecured payment connections vs. total nb of payment connections)

Security
- Malwares & rootkits detection
- Uncertified https connections rate
- Connections rate towards malicious servers

Thanks to its engine, PRADEO has decided to isolate the safe apps (applications without any risk for the consumer) from the risky apps (applications representing a threat for at least one of the three points cited above).

The analyzed Android apps sample mostly includes apps from Google Play, but also from other stores. It also includes the business and public apps that publishers have already audited through the behavioral analysis engine Trust Revealing.

The sample of analyzed iOS apps is much smaller since it only includes the business and public apps that publishers have already audited through the behavioral analysis engine Trust Revealing. This is due to Apple's position, which forbids the retrieval (and therefore the analysis) of the mobile apps present in the App Store.


4. App Security on iOS & Android: Specific & Detailed Figures


4.1 General Criteria

4.1.1 Distribution of the safe and risky apps on Android & iOS
The following table indicates the distribution between all the Android and iOS safe and risky apps for the 3 most critical aspects for consumers: privacy, financial losses and device security. The analyzed apps sample focuses on 18,206 applications (public and business apps), including 18,020 on Android and 186 on iOS.

Distribution of all the analyzed apps' threat level

| Aspect | Safe apps | Risky apps | Total |
|---|---|---|---|
| Privacy | 94.27% | 5.73% | 100% |
| Financial Losses | 99.19% | 0.81% | 100% |
| Security | 85.42% | 14.58% | 100% |

Out of the total of Android and iOS apps analyzed, 22% represent a threat for consumers. 14.58% are likely to perform malicious actions (virus attack, rootkits, and uncertified HTTPS connections). 5.73% of these apps represent a real threat for consumers' privacy (data theft, geo-location, connections to malicious servers, etc.). Finally, 0.81% of all the apps generate financial losses for consumers (calls or automated SMS/MMS to premium-rate numbers, unsecured mobile payment connections).

The results concerning iOS show that only 1% of the total is considered risky, compared with 21% on Android. Two conclusions can be drawn: either the security level on Android is lower than the one on iOS, or the results regarding iOS apps do not actually reflect the security level of the apps available in the App Store. Neither of these two assumptions can be preferred: while it is possible to analyze the behavior of the apps coming from Google Play, that is not the case for those from the App Store, since the policy implemented by Apple forbids the retrieval (and therefore the analysis) of the apps from its store. The apps security study on iOS therefore only covers the apps put at the disposal of the analysis engine Trust Revealing by some publishers, which is a limited sample: 186 iOS applications compared with 18,020 Android apps. The only actor today capable of determining the real security level of the apps present in the App Store is Apple itself! By showing some transparency, Android demonstrates the apps' lack of transparency, with 21% of applications considered risky in terms of privacy, financial losses and security for consumers. The apps sample used by PRADEO seems to be insufficient to draw any conclusion on the security of iOS apps. However, some publishers have developed apps that perform potentially malicious actions for consumers on Android. These very apps are available on iOS and are developed by the same publishers. But are these apps really more secured?

4.1.2 Distribution of the safe and risky native apps on Android


The following table indicates the distribution between the native Android apps (embedded into the operating system by a manufacturer or a telecom operator) considered as safe or risky regarding privacy, financial losses and device security. The analyzed apps sample focuses on 1,358 Android native applications.

Distribution of the analyzed native apps' threat level

| | Privacy | Financial Loss | Security |
|---|---|---|---|
| Safe Apps | 99.50% | 100% | 97.19% |
| Risky Apps | 0.50% | 0% | 2.81% |
| Total | 100% | 100% | 100% |

Native apps enable Android to hold its head up regarding security since, out of all the analyzed native apps, only 3.3% are considered risky for consumers. Given the policy implemented by Apple, it is impossible to analyze the iOS native apps. It is therefore impossible to make sure that iOS ensures the same level of security for its embedded apps.

4.1.3 Distribution of the threats per category on Android & iOS


The histogram below indicates the threat distribution of the risky Android & iOS apps regarding privacy, financial losses and security for:
- The three categories of critical apps most downloaded by the consumer market
- Business apps

The three categories most downloaded by the consumer market are:
1/ Games (puzzle, sports games, card games, casino...)
2/ Utilities (weather, transport schedules, postal services...)
3/ Entertainment (health, books, media, social networks, travels...)

The analyzed apps sample focuses on 3,450 Android and iOS apps divided into four categories: games, utilities, entertainment, and business apps.

[Figure: Threat level per analyzed apps category and per type of threat. Types of threat: Privacy, Financial Losses, Device Security. Categories: Games, Utilities, Entertainment, Business apps.]

- 13.5% of the apps most downloaded by the general public represent a threat for consumers' privacy
- 1.4% of them generate financial losses
- 40.7% include virus signatures or rootkits

Regarding the business apps, 11% of them threaten the hosting devices' integrity, the majority of which use various device functionalities when the device is rooted or jailbroken.

4.1.4 Top 10 & distribution of the risky apps publishers


This ranking includes all the identified risky apps publishers, a sample of 1,090 publishers more precisely. The table below ranks publishers regarding the threat rate generated by their apps out of the risky apps total number detected.

Risky apps publishers ranking

| Rank | Publisher | % of risky apps |
|---|---|---|
| 1 | Samsung Media Solutions Center America | 1.05% |
| 2 | Rovio Mobile Ltd. | 0.76% |
| 3 | Wikimedia Foundation | 0.58% |
| 4 | GO Dev Team | 0.47% |
| 5 | NQ Mobile Security | 0.47% |
| 6 | Baidu Inc | 0.47% |
| 7 | Gameloft | 0.41% |
| 8 | MobilesRepublic | 0.41% |
| 9 | ES APP Group | 0.35% |
| 10 | Samsung Electronics Co.,Ltd. | 0.35% |

These results highlight the fact that each publisher of risky apps stands for less than 2% of the total number of risky apps analyzed. The following conclusion could be drawn: there is no dominant actor among publishers. It is therefore not possible to rely on blacklisting publishers to protect consumers from risky apps.

4.1.5 Geographic location of attackers with the highest rate of risky apps
The following map shows the geographic location of the 15 countries with the highest number of risky apps developed in the world.


4.2 Detailed Criteria


The following table shows the distribution of the damaging actions performed by critical apps. The analyzed apps sample includes 3,844 Android and iOS risky applications.

Distribution of the analyzed risky mobile apps associated with the action performed on iOS and Android

Privacy
- Data theft (SMS/MMS, photos-videos, files)
- Phone number retrieval
- Contact list retrieval
- Call history theft
- Passwords or account retrieval
- Material information retrieval (IMEI, serial number, etc.)
- Information retrieval about the user's network connection
- Geo-location information retrieval (other than Google Maps or Maps)

Financial Losses
- Sending of SMS/MMS to premium-rate numbers
- Automated calls to premium-rate numbers
- Unsecured payment connections (nb of unsecured payment connections vs. total nb of payment connections)

Security
- Malwares & rootkits detection
- Connection rates towards malicious servers
- Uncertified https connections rate

8.28% 0.2% 0.1% 68.79% 4.61% 11.32% 26.20% 1.23% 0.5% 0.29% 0.41% 9.39% 1.98% 0.3%

Attacks may take various forms. Some apps do not respect privacy, whereas others generate more or less significant financial losses or even threaten the integrity of the hosting devices.

The less common actions, such as unsecured payment connections, usually have a more significant impact than the most widespread actions such as malware attacks, which still remain a very serious issue.


5. Extracts of the most downloaded apps' security reports


This chapter aims at lifting the veil on some results that summarize the Android apps analyses stemming from the CheckMyApps application, available on Google Play.

5.1 The Good Students


[Figures: security summary reports for LINKEDIN, WHATSAPP, YOUTUBE, DROPBOX, ICONOMIA, TWITTER, MAPS, ADOBE READER, SHAZAM]

All the apps reporting a green indicator are among the 79% of the apps with no potential danger for Android mobile apps consumers.

5.2 Lack of Transparency


[Figures: security summary reports for TALKING TOM, TEMPLE RUN 2, FRUIT NINJA, ANGRY BIRDS STAR WARS, SKYPE, FACEBOOK]

Some of the most downloaded apps throughout the world present a potential threat for consumers since they perform actions without their knowledge, as the security summary reports above show.

Did you know?

- Talking Tom Free 2.0.1 retrieves users' personal data onto the network; asks users to access functions requiring privilege elevation; establishes uncertified https connections
- Angry Birds Star Wars 1.2.1 retrieves users' personal data onto the network
- Facebook 1.5.0 retrieves users' personal data onto the network
- Skype 3.2.0.6673 asks users to access functions requiring privilege elevation
- Temple Run 2 1.1.1 established connections to malicious servers
- Ninja Fruit Free 1.6.2.10 asks users to access functions requiring privilege elevation

The actions performed without consumers' knowledge by the mobile apps cited above represent a potential danger for clients. More transparency is required!


5.3 The Bad Students

Many other apps represent a serious threat for consumers. Applications such as SuiConFo 1.0, for instance, perform damaging actions like the sending of automated premium-rate SMS. Others, like Magic Hypnotic Spiral 2.0.0 may download viruses.

A great many other applications perform the same damaging actions, or even more damaging ones, like unsecured banking payment connections through which a huge amount of money may transit.


6. Conclusion


The analyses and observations made in this white paper make it possible to measure the impact of the threats towards users of mobile apps, both those dedicated to the consumer market and those dedicated to companies. 22% of the public or business iOS and Android apps represent a threat for the general public and for companies as well. The damaging actions performed without the consumers' knowledge by these apps mainly concern privacy, financial losses, and the integrity of Smartphones and tablets. The threats associated with the Android apps stand for 21% of the analyzed apps total. However, it is impossible to evaluate the threat level associated with the iOS apps since the policy implemented by Apple forbids the retrieval of the apps present on its App Store.

The fight against cyber-crime presents a real challenge both for companies and for apps providers. This fight inevitably implies knowing the behavior of the mass of apps before putting them at the disposal of consumers. Only the confrontation of each app's behavior with the company's or provider's security parameters can ensure the security of these distributed apps (example of a security criterion: disapproval of the apps that send automated SMS to premium-rate numbers). The number of apps and downloads revealed in the 2nd chapter clearly emphasizes the fact that automated apps audit, validation, and distribution processes remain the most appropriate methods.

The purpose of this white paper was to draw the attention of consumers to the risks mobile apps may represent. These analyses have been carried out according to general security criteria (described in chapter 3). It is necessary to draw the reader's attention to the security consequences for companies; these consequences can obviously be more significant than the ones revealed by the study, since it was impossible to take every single company's security policy into account.
In other words, any action considered as being legitimate according to these general criteria (a network connection established, for instance) could potentially be dangerous for a company according to its context and its security policy.

PRADEO's next white paper will include data on Windows 8 apps.


7. About PRADEO


As an IT security solutions provider, Pradeo has developed its expertise in the field of security dedicated to mobile apps. Pradeo offers several products:

AuditMyApps: online platform focusing on the security audit of mobile apps. AuditMyApps enables developers and providers of public and business mobile apps to check the security level of both their Android and iOS apps at https://www.auditmyapps.com

CheckMyApps: security and management solution dedicated to companies' fleets of public and business mobile apps. CheckMyApps enables companies to manage the approval and removal of all the iOS and Android apps in their fleet, making sure they comply with the company's application security policy. An automated audit of all the Android apps and the iOS business apps included in the fleet is carried out beforehand. CheckMyApps in the Cloud is available at https://www.checkmyapps-cloud.com

CheckMyApps API: security solution dedicated to publishers of critical apps (Banking, Health...) to make sure their apps are executed in a safe environment. CheckMyApps API is also dedicated to telecom operators and to smartphone and tablet manufacturers, to ensure the security of the apps made available to consumers.

CheckMyApps Personal: free public application available on Google Play. CheckMyApps Personal lets users evaluate the risk level of the Android apps present on their handset with regard to privacy, financial losses and device security.

To learn more about Pradeo's solutions, feel free to contact Pradeo's marketing department or visit the website www.pradeo.net. If you have in mind a project dealing with specific app security (development of mobile payment apps, creation of an app store, etc.), feel free to contact the business department of Pradeo.



SAS with a share capital of 49,950 €, R.C.S. Montpellier FR03525074092
Cap Omega, Rond Point Benjamin Franklin, 34960 MONTPELLIER - FRANCE
Tel: +33 4 67 13 01 05
Fax: +33 4 67 13 00 10
contact@pradeo.net
www.pradeo.net
