By Robert Westervelt, News Director
LAS VEGAS -- A variety of mobile applications could tap into sensitive business data, such as contacts, email and calendar items, while often failing to properly secure the information.
That's the message from Domingo Guerra, president and co-founder of San Francisco-based Appthority Inc., who told SearchSecurity.com enterprise IT security teams should do more to monitor their employee's mobile device behavior or risk losing valuable intellectual property.
Mobile app privacy is an increasing cause for concern among enterprises, Guerra told SearchSecurity.com, because mobile apps are easily downloaded and can tap into a variety of data sources that could potentially leak sensitive information. Google, Apple and other mobile platform providers say they scan applications for malware and gross negligence, but developers often request too many permissions, tapping into device data that is not needed to make an application work properly, Guerra said.
More from Black Hat 2012
For all the news, analysis, commentary and video interviews from Las Vegas, visit SearchSecurity.com's Black Hat 2012 special coverage page.
The problem arises because developers need to make money off of their creations. They often partner with ad networks, but those networks typically require data collection to some degree in order to sell ads.
"Developers want to monetize, consumers want free apps and then ad networks will pay developers to get all of that juicy data from their users," Guerra said.
At the 2012 RSA Conference, Guerra's firm won the Most Innovative Vendor award for its platform, designed to conduct static and dynamic analysis on mobile applications. It also scores apps based on reputation and the risks they pose by the data they collect and distribute.