April 1, 2015 By Rob Patey 3 min read

Apps store countless types of information about our lives, both personal and professional. According to renowned Internet-accredited work/life specialist Dr. Sleuthe Eistheimer, the information is being wasted at the corporate level.

“Apps have become the new software, but at a much more miniaturized level… and connected to the Internet,” he said. “We share our lives on these apps, and nowhere to such authentic levels as within dating apps.” The doctor paused for a minute to move his laundry from the washer to the dryer at the laundromat where he holds his office hours.

“Yes, security and privacy are paramount in an enterprise. This is why so many enterprise mobility management (EMM) solutions have carefully crafted security policies, so IT never sees too deeply into their workers’ smartphones or tablets, especially with bring-your-own-device. PRIVACY! HAH!” In disdain, the doctor spat on the ground — however, it was also into his own cleanly folded laundry basket.

“PRODUCTIVITY!” he yelled. I looked up, startled, dismissing the cab I was calling on my EMM-protected phone. “Privacy can be sacrificed for productivity,” the doctor reiterated. To avoid bodily harm, I disagreed silently: privacy is never a sacrifice for productivity. As with every tech turn, privacy and productivity are a three-legged stool of business support. I feared the doctor’s model may have been reaching a bad tipping point, but I listened on.

“Do you like Grumpy Cat?” he asked.

No, I like happy dogs, I thought.

“Who doesn’t?” I lied to kill time until I could once again herald a yellow chariot of escape. “I have tickets tonight for the off-off-Broadway revival of ‘Cats 2: Kitten Boogaloo,'” I lied yet again.

“So, imagine you place the Grumpy Cat on a dating app under your life goals and hobbies,” he said. “Now, imagine a co-worker also has an app professing loyalty to cats both grumpy and surly. Wouldn’t you be a more synergistic team if all members were zealots of emotionally wrought cats?”

Part of what this man was saying actually made sense, despite the seven solitary socks in his hands without pairs and all different shades of black he balled together in a cavalier stance toward organization. Collaboration is a tenet of mobile — the ability to receive, edit and share with co-workers by group permissions set by IT stands as the pinnacle of best practices today in the consumerized consumption of smartphones and tablets.

“Does security concern you at all, doctor?” I asked. “Recent studies have shown some popular dating apps are rife with security sieves, from phishing to very liberal culling of information from other apps — even work ones.”

The doctor reflected, looking down upon the suds-laden mess he created from overloading the washer.

“Of course I care about security,” he said. “Again, if we look at Grumpy Cat’s video hits, people are wasting hours and hours of productivity watching its mewling scowl. Within mobile device management and app management, one could set security policies to turn off YouTube when too much time is spent with grumpy cats, lethargic pandas or even trite unicorns.”

While the good doctor was correct, his ideas are still more insane than the fervor for a cat that doesn’t even play piano. When Eistheimer went to get more change to purchase a tiny packet of fabric softener sheets, I took what remaining dignity I had left as a tech reporter and skulked into the shadows of the 2:30 p.m. fading light, desperate to find some information of value on the state of apps.

Now for Something Completely Different — And Actually Informative

While the “visionary” use of app data in other lines of business might be off, apps are clearly the choice for a native feel in mobile user experience. Security will be paramount in coming years as employees untether even more from cubes and cables for the freedom of couches and the cloud.

A recent IBM-sponsored Ponemon Institute study lifted the veil on the staggering state of mobile app security today — or the lack thereof, as it were — highlighting just how vulnerable organizations and users are because of unsecured apps.

Almost 40 percent of companies aren’t scanning the code in their apps for security vulnerabilities, and more than 33 percent never bother to test their apps. While organizations spend an average of $34 million annually on mobile app development, more than half of them don’t devote any budget whatsoever to mobile security. To hearken back to the good doctor’s sociodemographic theory, more than 60 percent of dating apps are vulnerable to cyberattacks; the negatives of such movement from phone to network probably won’t ever be offset by Eistheimer’s efficiency theory.

It is a dangerous and complex mobile world out there, and it will only become more perilous as devices become more powerful and data pipes deliver more information more quickly. Insight, security and management must be on IT’s mind with mobile, as it has been through every other tech turn. Also, remember that I took Eistheimer’s call thinking it had an air of legitimacy. Do you think your other lines of business will be immune to his theories of getting more work out of data? It’s just a profile away.

Read the Ponemon Study on the State of Mobile Application Insecurity
