100,000 Snooping Native Apps vs Mobile Web Security
Native app vs mobile web is a dumb argument. The solution is blindingly obvious:
- If you want the best possible user experience and have the budget, develop multiple native applications.
- If you want an inexpensive cross-platform solution, develop a mobile web application.
You obviously need to consider capabilities, connectivity, delivery, versioning and monetization, but those issues are often inconsequential.
However, one factor which is rarely mentioned is security. According to a recent report by Bit9 — who claim they’re a global leader in Advanced Threat Protection — 26% of native applications access users’ personal data. Of the 400,000 Android apps analyzed in the Google Play Store, 100,000 were classified as “suspicious” or “questionable”:
- 42% of applications access GPS location data
- 31% access phone calls or phone numbers
- 26% access personal data including contacts and emails
- 9% use permissions that can cost the user money
It’s not necessarily those you expect either; apps such as wallpapers, games and utilities could delve into your private data.
Bit9 also surveyed IT security usage policies and discovered that:
- 71% of organizations allowed employees to bring their own devices to work
- only 24% of these deploy application monitoring technology.
Before we go any further, remember that Bit9’s business relies on security protection. Like anti-virus vendors, they gain commercial benefit from scary surveys, statistics and statements. That said: it doesn’t surprise me.
In most circumstances, native apps exist to make money. Few do. But if you can release a useful or fun free app, it opens other monetary avenues. I’m always careful about what I install, but spam to my registered account quadrupled a month or two after buying a smart phone. Many users will install whatever they want regardless of security warnings.
It’s evident few organizations currently contemplate native app security, but that is certain to change following this report. Companies have two options:
- ban employees from using their own devices, or
- audit/whitelist native applications.
Either way, employees will need to consider alternative web applications. Of course, few web applications guarantee data integrity or security, but they cannot easily snoop on your private data unless you explicitly provide access.
The argument for native apps vs mobile web will continue but the decision could ultimately be taken from our hands.