Free and Paid Apps Pose Risks for the Enterprise
Developers of free apps are dependent on revenue that they get from advertising networks and analytics companies. In some cases, pay is based on the amount of data the developers collect and share about users.
Apps that are running in the background could be tracking your location and sharing it with other parties. That’s because not all developers ask for permission upfront or the language they use is vague or deceptive, according to the Appthority report.
“As employees use their own mobile devices and apps for work, they are mixing both personal and corporate data on them…. It is very challenging for organizations to identify which mobile apps put corporate data at risk versus which apps are benign,” notes the Appthority report.
95% of the top 200 free iOS and Android apps exhibited at least one risky behavior. 80% of the top 200 paid iOS and Android apps exhibited at least one risky behavior.
Paid apps trailed free apps across these risky behaviors: 44% of paid apps track for location vs. 70% of free apps, 22% of paid apps access the address book or contact list vs. 31% of free apps, 47% of paid apps have a single sign-on vs. 69% of free apps, 41% of paid apps identify the user or the unique device ID (UDID) vs. 52% of free apps
58% of the top 100 free Android apps share data with ad networks, compared to 24% of the top 100 paid apps.
Paid apps have more staying power in the top 100, according to the report. Only 43% of free iOS apps continue to be in the top 100 after six months, whereas 64% of paid iOS apps remained. With Android apps, 67% of paid apps stayed in the top 100 compared to 52% of free apps.
31% of free apps access users’ contact lists or address books, compared to 22% of paid apps.
100% of free Android gaming apps identify the unique device identifier (UDID). Android apps access UDIDs significantly more than iOS apps, 71% and 26% respectively, but the iOS figure is 20 percent points higher than last year.