Wandera, the leader in mobile data security and management, today announced the findings of its latest quarterly Mobile Data Report – an analysis of mobile security and data usage trends and traffic patterns across its global network of enterprise mobile devices.
App leaks continue
The report reveals a continued rise in apps and mobile websites leaking credit card data, with several new cases from prominent brands, including the Hong Kong metro system. Wandera has discovered a 17% increase (Q1 2016 vs Q4 2015) in apps and mobile websites leaking credit card data since announcing the discovery of the CardCrypt security flaw in December 2015. CardCrypt affected 16 global companies’ mobile websites and apps who were shown to be transmitting users’ credit card details, and in some cases passport information, unencrypted and ‘in the clear’.
Wandera is in contact with the site and app owners of the latest cases in pinpointing root causes and supporting remediation.
Exposure to malicious domains
Among the key findings of the report is the unusual and accelerated growth in malicious domains visited by users in Q1 2016. A massive 200% increase per month through the quarter was attributed to a concerning rise in ad frameworks used within apps and websites that are directing users to domains with a history of malicious activity. The report revealed that while improved education seems to be helping users avoid visiting malicious websites through typical routes (phishing attacks or unwise browser use), users are nonetheless increasingly being exposed to malware through compromised adverts in the apps they are using.
“The report illustrates that despite their best efforts in avoiding malware, for instance through identifying phishing attacks, users are unfortunately being caught unawares by compromised ad frameworks in trusted apps,” said Eldar Tuvey, CEO of Wandera. “Even the app owners themselves are not directly responsible for the adverts that may appear within their apps, as they come from the frameworks, so CIOs must help their employees with further detailed education on what may constitute a compromised ad. One wrong tap in a game or in-app ad might be enough for the user to be redirected to an unofficial app store, fake website or to be directly offered the installation of a malicious app.”
Greater encryption of data
On a positive note, Wandera also discovered a noticeable trend towards greater browser and app encryption. The research identified that 70% of the data from apps is encrypted, an increase of 21% in the last 12 months. Encryption of data within browsers has not risen quite so starkly however – a less pronounced increase of 13%, and a total encryption level of only 52%.
“It is of course a positive that encryption in browsers and in apps is increasing – but there is still an awfully long way to go, especially within browsers,” commented Tuvey. “Developers and brands are clearly recognising the importance of encryption, hence the gradual rise in security measures being put in place. But the rate of improvement must continue, and even accelerate in order to support enterprise security. In the meantime, the onus remains on the enterprise itself to enforce its own monitoring, rules and education to counter the risks.”
Data usage in the enterprise
Wandera identified the top 10 apps by data usage on enterprise devices over the last three months. Unsurprisingly, email and Safari represent the majority of data usage – 34%. But five of the remaining eight apps are all non-work-related: Facebook (10%), Instagram (3%), Twitter (2%), WhatsApp Messenger, Spotify Music and Snapchat (all 1%) – showing a clear non-work-related usage trend on enterprise devices.
Wandera’s research also found that employees are learning to reduce their data usage to conservative levels when roaming – video consumption drops from 14% of domestic data to 4% when roaming – indicating that employee education is working.
“While the top ten apps are unsurprising at first sight, it must be remembered that this is based on enterprise mobile devices,” Tuvey continues, “CIOs need to be appreciative of how non-work-related apps such as Facebook and Snapchat are swallowing up huge portions of corporate data allowances, leaving an enterprise at risk of bill shock. Usage rules and education are the most effective means of minimising excessive consumption of data, and as we can see from the statistics on roaming data consumption, education does work.”
iPhones were also shown to be the biggest driver of increased data usage in the enterprise – compared with Samsung devices, whose users only consume 44% of the data used by the average iPhone user.
The full Q1 2016 Mobile Data Report can be downloaded here: https://www.wandera.com/mobile-data-report/.