

Threat report warns of leaked passwords in mobile apps

Veronica C. Silva | Oct. 23, 2012

Even “trusted sources” for downloaded mobile apps are not secure, according to research by ThreatLabZ.

Mobile app users beware. Some of the mobile apps you are downloading, even from what you think are trusted sources, may be leaking your passwords or personal information.

According to the latest security threat analysis by Zscaler, a cloud gateway solutions provider, 10 percent of mobile apps leak passwords and login names, and about 40 percent of mobile apps communicate with third parties.

Threat analysis from Zscaler's ThreatLabZ also showed that 25 percent of mobile apps expose personally identifiable information.

Zscaler noted that there are over one million mobile applications currently available, and more than 1,500 new apps are being released every week. With the popularity of mobile devices and free apps, users are sometimes misled into thinking that apps downloaded from what they regard as trusted sources are secure. Zscaler said this is not always the case.

Threat analysis tool

Using the Zscaler Application Profiler (ZAP), a free online tool for assessing mobile apps for security risks, ThreatLabZ analysed hundreds of mobile apps and found that "many popular apps leave user names and passwords unencrypted."

The same lab team also found that some apps are capable of sharing personal information - such as names, e-mail addresses and phone numbers - and communicating with third parties, including advertisers.

"App stores have strict guidelines about which logos and colours developers can use, yet application security remains largely unenforced," said Michael Sutton, vice president of Security Research, Zscaler.

To protect users from threats posed by mobile apps, Zscaler is offering its ZAP tool so that mobile app developers, users and enterprise IT groups can easily assess the security risks of apps before they are installed.

Sutton added that the easy-to-use ZAP tool can also analyse installed apps to check whether they are violating any privacy guidelines.

