Research reveals iOS and Android app data leakage – and what it means for enterprises

James is editor in chief of TechForge Media, with a passion for how technologies influence business and several Mobile World Congress events under his belt. James has interviewed a variety of leading figures in his career, from former Mafia boss Michael Franzese, to Steve Wozniak, and Jean Michel Jarre. James can be found tweeting at @James_T_Bourne.


A new report from cloud security provider Zscaler has revealed the extent of data leakage from iOS and Android apps – and the threat this poses to enterprises.

In a blog post entitled ‘Are mobile apps a leaky tap in the enterprise?’, the company analysed more than 45 million transactions related to mobile devices through its cloud, and found that 0.3% of the 20 million Android transactions and 0.5% of the 26 million iOS transactions resulted in some level of privacy leakage.

For 58% of Android and 72% of iOS privacy leaks, the leaked information is device metadata: apps sending identifying information such as network, OS and SIM card details. Location, including exact latitude and longitude coordinates, accounts for 39% of Android and 27% of iOS leaks, while 3% of Android leaks involve PII (personally identifiable information), such as mobile numbers and email addresses. For iOS, PII is at 0.2% of overall leaks.

“These statistics demonstrate that significant amounts of personal data can be leaked simply by tapping into any organisation’s traffic,” Viral Gandhi, senior security researcher at Zscaler, notes. “In our cloud alone we saw nearly 200,000 examples of such leaks. All that leaking data can be leveraged for more sophisticated attacks.”

Zscaler notes that, while PII may be the most lucrative information on the surface – email and phone details represent the quickest way to target a user – device metadata, which represents the bulk of the leaks, can be leveraged for tracking a device and creating targeted attacks. Furthermore, hardware identifiers like MAC, GSM IMEI, IMSI and UDID are globally unique and do not change over the lifetime of a device.

Ultimately, the company notes that observing the leakage from iOS and Android apps is another warning for companies to protect their users and their broader network infrastructure. “They should be applying strict MDM policies and educating employees about app security in an effort to stave off any kind of data loss or security breach,” Gandhi adds.

You can read the full post here.
