BYOD has become a mutually beneficial trend in the workplace to employers and employees alike. With more companies embracing the trend, it is particularly important for enterprises to learn how to manage the risks associated with apps on personal devices in the workplace.
We all know how many free apps are available for our personal devices. What we may not know is that the apps that promise to allow us to be “anonymous” we’re downloading might actually be exposing both personal and corporate information – putting our companies at risk.
Such is the case for Whisper, a popular app where users can “anonymously” share confessions. A recent article from CIO Today tells how the app’s developers can pinpoint a user’s location as well as collect their mobile data without user consent. Beyond this being an intrusion of a user’s personal privacy, it could also mean that developers gain access to sensitive corporate data. Also, if an employee were to give an “anonymous” confession on the app about their workplace, enterprise information could be linked to the personal device.
The problem is larger than Whisper, though. Recently, I had the exciting opportunity to speak with Scott McGrew of NBC’s Press:Here.
We discussed how seemingly innocuous apps like the Flashlight app can actually access other sensitive information from our mobile phones. Private corporate information, ranging from a phone’s contacts and calendar to its location history to email attachments, can be collected without the user necessarily being aware, and the risk this poses to enterprises is amplified when a personal phone is used in a BYOD environment.
Sometimes developers are not only collecting data, but they are also selling it to third parties for profit. By selling user data, those developers creating free apps have an additional source of income that they don’t get by charging download fees. In order to make money, Appthority has found that developers are incorporating data collection into apps that has resulted in ninety-nine percent of free apps having some sort of risky behavior that could be a danger to enterprise data.
Domingo Guerra is the President and Co-founder of Appthority—which provides the industry’s first all-in-one App Risk Management service. Follow him on the Appthority Blog, and his company on Twitter:@Appthority. This article was reprinted with permission.
The nuviun blog is intended to contribute to discussion and stimulate debate on important issues in global digital health. The views are solely those of the author.