TikTok is the Rule, Not the Exception, When it Comes to Mobile App Privacy and Security Risks
Unfortunately for TikTok, 2020 isn’t starting off well. The video-sharing social networking service, which was under fire from U.S. legislatures in 2019, is being banned by the U.S. Army, which is prohibiting soldiers from using it on government-owned devices, citing a potential security risk.
Army spokeswoman Lt. Col. Robin Ochoa told Military.com the Chinese social media app is “considered a cyber threat.” The regulation comes after the Defense Department and lawmakers have expressed concerns about how the app collects personal data.
In 2019, NBC chief White House correspondent Hallie Jackson reported for TODAY that the issue at hand surrounds the data the Chinese-based app collects and what they may do with it.
Also in 2019, we took a look at TikTok to see what the privacy and security concerns were for both Android and iOS versions, ranking each version on a 100-point scale. The higher the rating, the higher the risk. The Android version had high privacy and security risks and iOS had high privacy and medium security risks. iOS rated 98/100 for privacy and 64/100 for security. Android was 79/100 for privacy and 82/100 for security.
While these scores are most certainly high and illustrate extreme privacy and security concerns, the idea that the TikTok app is the exception when it comes to mobile app privacy and security is false. It is the rule: we are consistently finding privacy and security risks associated with all sorts of mobile apps. Much like the Army citing potential security risks on government-owned devices using TikTok, businesses and government agencies around the world are at risk from other mobile apps, downloaded on business-owned phones or bring your own devices (BYOD), that pose privacy and security issues.
Mobile App Privacy and Security is a Real Issue
In the last six months, we’ve looked at the leading banking, travel and shopping mobile apps, and privacy and security risks abound. For example, in October we examined 30 of the top “best deal” travel apps, based on Android downloads and iOS ratings. The research revealed that 100% of the iOS apps failed to receive a passing privacy or security grade. The Android apps tested did better, with only 45% failing to pass the privacy tests, but 97% still failed on security.
Forbes Senior Contributor, Davey Winder, explained the process – the same process we use when we evaluate all mobile apps – in his article, Top Travel Apps Fail The Privacy And Security Test. In it, he writes: The apps were awarded scores calculated using Zimperium’s z3A advanced application analysis engine across three primary categories of analysis: the Open Web Application Security Project (OWASP) mobile top 10 application development best practices, and more granular privacy and security risk data.
Davey continued: For privacy, this included the app’s access to private user data, unique device identifiers, SMS, communications and unsecured data storage. The security risk analysis included functionality and code usage, application capabilities and critical vulnerabilities. Each app was then rated on a scale of zero to 100; the higher the rating, the higher the risk. To pass the testing regime, an app needed to demonstrate that it had very few risks and did a better than average job of protecting user data. If an app showed significant risks with a below-average job of protecting user data, it failed. Those apps that had risks that needed addressing but fared averagely when it came to protecting data were given an intermediate “average” rating.
This process found similar results in both our mobile banking and mobile shopping app studies. The fact is, many mobile apps are being developed without following best practices and, in doing so, are making it a lot easier for “the bad guys” to do real damage once they gain control of your phone. And this is a real concern. For example, a risky app on an employee’s phone could lead to a data breach or worse.
Mobile attacks are on the rise. According to Gartner’s latest Market Guide for Mobile Threat Defense, “in 2018, mobile attacks almost doubled compared to the previous year, reaching 116.5 million.” Why make it easier for the bad guys with a risky app?
To learn more about the privacy and security risks associated with mobile apps and how to protect your business from developing and succumbing to risky mobile apps, please contact us.
The post TikTok is the Rule, Not the Exception, When it Comes to Mobile App Privacy and Security Risks appeared first on Zimperium Mobile Security Blog.