It turns out that employees working for large global companies are compromising IT security and putting sensitive business data stored on their devices at risk – by doing something as simple as adding a gambling app to their phone.
A security firm called Veracode performed an analysis that scanned hundreds of thousands of mobile apps that had been installed in corporate mobile environments. Reports indicate that some companies had as many as 35 mobile gaming apps in their network environment, each posing a potential security risk.
When the company began testing some of the most popular gaming apps found in these corporate environments, it discovered critical vulnerabilities that pose a huge threat. These vulnerabilities could potentially allow hackers to gain access to sensitive information stored on the phone, including emails, contacts, location data, call history, and even recorded phone conversations.
Different apps may present different security risks, as outlined below:
Veracode did not provide specifics as to which gambling apps contained which particular vulnerabilities, but it is known that some of the apps tested include:
The problem with free mobile apps, including gambling ones, is that they typically bundle advertising libraries that siphon off user identity information and device details. Research indicates that these libraries don’t use HTTPS, which potentially exposes sensitive data to man-in-the-middle attacks.
Revising and implementing application blacklisting policies may be necessary to minimize the risk and protect against unauthorized mobile apps leaking sensitive corporate data.