TechTronBlog.com

Technology, Innovation, Collaboration
Abandoned apps like TikTok pose a security risk in a BYOD world

August 17, 2020

Social media apps put corporate networks at risk and provide raw material for deep fakes.

Image: Wachiwit/Getty/IStock

It’s hard to say what the ultimate fate of TikTok will be: Acquired, banned in the US, split into two companies, or something else entirely. For IT teams managing mobile devices, the security risk is real right now. The current version of the TikTok app may meet some corporate standards, for teams willing to ignore the risks inherent in the platform.

Those risks will grow over time as new security threats develop, and there is no way to update the app, according to Michael Covington, vice president of product at Wandera.

Although TikTok fixed some security problems earlier this year, the app collects a lot of information and prevents code auditing through anti-debugging and anti-reversing techniques.

“Obviously you don’t want your competitors to download your app and see what you are doing but it does seem they have gone above and beyond to obscure their code,” Covington said.

Wandera also monitors popular app sources for changes in availability and recently looked at how many apps had been both downloaded by users and removed from app stores over six months. Based on data from November 2019 to April 2020, 39% of abandoned apps with live installs were in the productivity category, and 30% were in games and entertainment.


Wandera analyzed the latest iOS and Android versions of TikTok as of early August to measure the risk level of the app. The researchers rated the app as a medium risk and found that the Android version requested 67 permissions and had six embedded URLs which represent network connections. The researchers noted that the average number of permissions requested by Android apps is nine. Some of the riskier permissions include:

  • Access fine location
  • Access coarse location
  • Request install packages
  • Receive ADM message

According to Wandera’s analysis, less than 20% of other apps request these permissions, including less than 5% for the last two requests.
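
An IT team can run the same kind of permission check on any app it is asked to approve. The script below is an added example, not Wandera's tooling or code from the original article: it reads an AndroidManifest.xml that has already been decoded to text XML (for example with apktool), counts the distinct permissions requested, compares that count with the average of nine cited above, and flags the four permissions listed above. The manifest names mapped to those four labels, the sample manifest and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
AVERAGE_PERMISSIONS = 9  # average per Android app, as cited in the article

# The four permissions the article lists, mapped to their manifest names (assumed mapping).
RISKY = {
    "android.permission.ACCESS_FINE_LOCATION": "Access fine location",
    "android.permission.ACCESS_COARSE_LOCATION": "Access coarse location",
    "android.permission.REQUEST_INSTALL_PACKAGES": "Request install packages",
    "com.amazon.device.messaging.permission.RECEIVE": "Receive ADM message",
}

# Constructed sample manifest for a hypothetical app (not TikTok's manifest).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.videoapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission-sdk-23 android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="com.amazon.device.messaging.permission.RECEIVE"/>
  <application android:label="VideoApp"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the de-duplicated, sorted permission names in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    # Permissions can be declared with either element; duplicates are common.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = elem.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return sorted(names)


def audit(manifest_xml):
    """Summarise permission count, ratio to the cited average, and flagged permissions."""
    perms = requested_permissions(manifest_xml)
    return {
        "count": len(perms),
        "times_average": round(len(perms) / AVERAGE_PERMISSIONS, 2),
        "risky": [RISKY[p] for p in perms if p in RISKY],
    }
```

Calling audit(SAMPLE_MANIFEST) returns the summary for the constructed manifest; for a real review, pass the decoded manifest of the app under evaluation instead.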

Wandera analysts rated the latest iOS version of TikTok as a medium risk, with the biggest issue being that the app uses sensitive APIs which are normally not allowed by Apple, such as exact location and contact list access.

“It’s hard to say the use of these permissions indicates TikTok is up to something because it’s what they do with the information that is the question,” Covington said.

Covington said that keeping sensitive business content off TikTok is not a sufficient security tactic. 

“Now you have to worry about your voice and your likeness and how that content could be used against you in other settings,” he said. “People are finally starting to comprehend that personal information has value.” 

Managing the risk on BYOD phones

Wandera provides endpoint security for devices, applications, and data. The company has solutions for managed devices as well as BYOD settings. For managed devices, Wandera’s solution allows IT teams to set policies around applications that users can’t work around. For devices that are not provided by an employer, Wandera’s threat intelligence engine MI:RIAM analyzes a device for malware and unapproved apps when a user launches a protected app such as Slack or Microsoft 365.

To measure the security risk of a particular app, Wandera tracks and analyzes the network connections an app makes.

Covington said Wandera analyzes app activity in a dynamic environment to understand the final destination for these connections.

“Sometimes you’ll have one endpoint that keeps handing out other destinations to go to,” he said. 

Wandera focuses on ad network analysis to watch for networks that have a history of hosting phishing attacks and scams.

Covington said that among Wandera clients he has seen a 50/50 split between unmanaged devices (BYOD) and devices managed by an employer. He predicts that this will change over the next few years, with more companies moving to protected but unmanaged devices secured with mobile application management without enrollment.
