June 15, 2017
Sideloaded Apps Demo: How Third-Party Apps Can Leak Corporate Data
Today, 11 percent of enterprise iOS devices have a sideloaded app, according to research uncovered in the Lookout dataset. If a typical enterprise has at least 5,000 employees, that's upwards of 550 people with sideloaded apps on their devices.
Sideloaded apps, though not all malicious, put enterprise data at risk because they have not been reliably vetted by any party other than the developer. Developers do not know about an enterprise's internal security policies, regulations they must follow, or other compliance concerns. This means that applications often do not fit an enterprise's security requirements.
Sideloaded apps are also used in phishing schemes, as seen with the ViperRAT surveillanceware, which used a spoofed SMS message to trick people into sideloading the malicious software.
Watch this video on how the ways apps are configured could leak data and put enterprises out of compliance.
The Mobile Risk Matrix maps out different threats and risks to corporate data and how they impact an employee's device. Phishing is great example of how one threat may touch on many different segments of the Mobile Risk Matrix.
For example, the attacker may send a spoofed email to your employee pretending to be the IT department asking the employee to download new software. Trusting the IT department, the employee downloads the software, awards it permissions, and goes on working. Meanwhile, the malware starts stealing data in the background. This represents a multi-faceted attack that touches different elements of the Mobile Risk Matrix:
- App threats
- App behaviors and configurations
Watch the demo to learn more about sideloaded apps and how Lookout can help security and IT teams remediate the problem. Contact us today if you want to learn how Lookout can specifically help your organization protect data.
Book a personalized, no-pressure demo today to learn:
- How adversaries are leveraging avenues outside traditional email to conduct phishing on iOS and Android devices
- Real-world examples of phishing and app threats that have compromised organizations
- How an integrated endpoint-to-cloud security platform can detect threats and protect your organization