Anticipating the number of mobile devices to exceed the number of PC sales for the first time ever, you can bet the security risk associated with mobile devices will increase too. Here are a few aspects of security to keep top of mind:
Open Source Components
The development of open source components speeds innovation as the creators leverage and build upon the innovations of others. This open environment, in turn, drives interest in mobile applications, and the market is huge. Says Networkworld.com, 80 percent of software applications are open source components and frameworks. The average enterprise downloads more than 1,000 unique components from the central repository each month.
Like any software, open source does comes with risks, but they can be minimized. First, organizations often expose themselves to a higher security risk by deploying older, more vulnerable versions. Says Networkworld, Global 500 organizations collectively downloaded more than 2.8 million insecure components in one year. One study found that vulnerable versions were still being frequently downloaded, even when a newer version with a security fix was available.
Unlike commercial software, where enterprise IT relies on security patches and updates, the open source ecosystem places that burden on the user. In an open source environment, enterprise IT takes a more proactive role tracking the status of releases and patches for the components in their own ecosystem.
Applications that access your data are known as leaky apps. Users have become more aware, yet are often unsure how to prevent security breaches. In the last few years, apps have been known to uncover a phone's unique device ID, location, even a user's age and gender. In the face of self-promoted information via Facebook and LinkedIn, and the evolution of aggregator sites that share public information without your permission, it is becoming much more difficult to keep information private. Yet, there is still a real concern for and demand for privacy. Says McAfee.com, there is mobile security software that scans installed apps to determine the level of access being granted to each of them. However, users have limited ways to change application settings having to do with the transfer of some personal information.
Users can be proactive and learn what personal information they are giving up and what benefits they are getting in return, then consciously decide whether that particular tradeoff is worthwhile.
This includes permissions, too. Often users inadvertently accept permissions without paying attention to those things they are authorizing on their mobile devices. Most everyone selects the “Yes” button when asked to accept the Terms & Conditions before downloading an app without ever reading what was included? Further, beware of unnecessary permissions such as applications that request access to your contacts. Another simple move: users should turn off Bluetooth when not in use. As simple as it sounds, this move can help users prevent the inadvertent download of malicious applications or the transfer of personal information.