When it comes to mobile usage and corporate IT, the problem of shadow IT is well-known: Using unsecured personal devices to access company data and sensitive resources can open up big attack vectors for cybercriminals. Given that it’s the holiday season, there’s even more to worry about thanks to the thousands of shopping apps available in public app stores, which can cause even more issues, especially around company compliance and fiscal policies.
Popular shopping apps for instance often offer in-app purchasing capabilities; a full 62 percent of them do, according to a report from Flexera Software. Unfortunately, an organization might have other software licensing and compliance policies around app procurement that could also be circumvented by in-app purchasing. Further, these could expose an organization to unwanted additional costs if the device is tied to a corporate credit card account. And companies must pay licensing fees for all of the apps they purchase—even if the employee is purchasing features and functions for personal use.
To compile the report, Flexera identified 26 popular shopping apps, representing a small sampling of the thousands of shopping apps found in the Apple (News - Alert) App Store that could easily be downloaded by employees to a corporate-issued or BYOD mobile device. These apps were tested using AdminStudio Mobile, an Application Readiness solution that helps organizations identify, manage, track and report on mobile apps, simplify mobile application management, reduce mobile app risk and address the rapidly growing demand for mobile apps in the enterprise.
The report also found that similarly, 92% of apps tested can access GPS location tracking services. Confidentiality and privacy concerns in many organizations would prohibit unapproved apps from tracking employee location information.
Moreover, to advertisers, location is one of the most valuable things on a device, so many apps access this data solely to pass along to advertisers. Consequently many organizations restrict apps that can access location services on employer-issued or BYOD devices.
All of this underscores the importance of knowing what those apps do and how they could interact with sensitive corporate data, according to Flexera.
Edited by Maurice Nagle