Mobile Security Blog | Pradeo

How to vet mobile apps before issuing them to collaborators

Written by Roxane Suau | June 30, 2020

Cybersecurity experts are unanimous: mobile apps are hackers’ preferred vector to exfiltrate valuable data from mobile devices. Yet the flexibility they offer makes them irreplaceable for both work and personal use. Today, companies cannot afford to forbid their collaborators from using public apps, even in the most sensitive industries. However, that doesn’t mean they should turn a blind eye to app-related risks.

 

The Pradeo Security engine has audited the security of over 98 million mobile applications used by collaborators all over the world, ranging from professional services, transportation and tools to social media, games, etc. These audits have built, and continuously add to, a global database of mobile app security reports, accessible to companies wishing to assess apps prior to their distribution.

 

Use case: Security vetting as part of the app distribution process

Companies often manage mobile devices with mobile device management (MDM) solutions. These platforms offer mobile app management (MAM) services that the departments in charge of mobility use to distribute private and public mobile apps to the mobile workforce. But MAM functionalities do not address app security, and public apps developed by third parties are either trusted by default or not distributed at all.

To close the security gap and enhance the distribution process, Pradeo’s global app database gives administrators a clear, actionable view of the security state of Android and iOS applications. As security needs vary from one industry to another, the platform allows users to entirely customize their security policy. If the app meets the company's security standard, it can be issued safely.

For IBM customers, please note that MaaS360’s App Approval workflow integrates Pradeo Security’s app security reports directly in the MaaS360 interface.

 


 

What’s in Pradeo’s mobile app security reports

The Pradeo Security engine performs multidimensional analyses to identify apps’ malicious activities, leaky behaviors and code vulnerabilities. With this information, it automatically determines each app’s nature and generates comprehensive security reports offering visibility on:

  • Malware: Malicious signatures and 0-day malware such as keyloggers, screenloggers, overlays, ransomware, OTP interceptors, rootkits, trojans, etc.
  • Data processing activities: All actions (tampering, sending…) performed on users’ data such as call logs, SMS, credentials, location details, etc., with highlights on the manipulation of personal data protected by the GDPR, the FTC Act and other data protection regulations.
  • Code vulnerabilities: All vulnerabilities referenced by the OWASP Mobile Security Project, the US National Vulnerability Database, US-CERT and others.

 

When apps aren’t secure, cybercriminals always find a way in. Vetting apps before collaborators use them is a proactive approach that prevents attacks caused by apps’ inside threats and flaws. To ensure the protection of apps at runtime, please refer to: