WhatsApp and Facebook Messenger raise mobile security alerts

253

Appthority, a leader in offering enterprise mobile threat protection has released its Enterprise Mobile Security Pulse Report for the second quarter of 2018. And the report says that WhatsApp and Facebook Messenger app usage are found to be most risky in enterprise environments on both iOS and Android devices. The company also specified in its report that the results are based on millions of ongoing mobile security scans and performance of apps in enterprise environments.

Specifying the risks associated as per the iOS mobile operating systems, WhatsApp, Facebook, traffic and navigation service app Waze topped the list of Appthority Mobile Threat Risk Score. For Android platform, in addition to the ones specified above, Telegram was also found to be malevolent.


“ Our latest Enterprise Mobile Security Pulse Report confirms enterprise exposure to risks from excessive data gathering and sharing by commonly used social and communication apps”, said Seth Hardy, the Director of Security Research, Appthority.

The reason for blacklisting WhatsApp and Facebook messenger chats were due to the fact that they were causing data spillage, such as sending address book and SMS data to remote servers and for showing other vulnerabilities such as disabling default HTTPS encryption and using JSPatch for hit patching, which is a procedure banned by the App stores.

Appthority Pulse report also signifies the risk offered by those apps that access data for advertising purposes. For example, ad-supported apps typically include third-party advertising libraries, which are not managed by the original app that enterprise employees trust and install. Therefore, the info accessed by these apps is in general not monitored or regulated by the original apps, users or by enterprises.

Moreover, we aren’t sure that the data accessed by these apps remain on their platform or is being shared with other servers operating remotely.

As app development economy is heavily supported by ads, eliminating all the apps that collect user data might not be practically possible in reality. But Appthority security analysts say that users can stay cautious by selectively granting permissions to apps accessing data and deploying mobile threat defense solutions which help in mitigating the risk to a large extent.