The business risks of smart phone apps


Date: 12 November 2012

The business risks of smart phone apps{{}}Smart phone applications could pose a significant threat to your company’s IT system in terms of security, availability or mobile data costs if left unchecked.

In a worst-case scenario, valuable and sensitive data could be at risk if you allow employees to download and install apps at will to their personal and work devices.

Read the terms and conditions

While smart phone settings can vary from device to device, all potentially leave a company open to abuse. Every time you install an app, it's important to check what resources and data the app is requesting permission to use.

At some point, everyone has skipped through lengthy terms and conditions to save time. It's these terms and conditions which often explain what data the app will use and how it will use it - so not reading them could mean unwittingly giving an app control over sensitive data, or even the phone itself.

Although an app may appear to be a harmless game or a useful productivity tool, there is nothing to stop it from including code to send a text message, make a phone call or even read data stored on the phone and upload it to an external server.

Minimise app risks

To minimise these risks, your business and its employees should consider some simple steps:

  • Only use apps from credible sources. Check the app's website to see who created it. Search online for the name to see if anyone else has reported problems with it.
  • Ask if you really need each app. The fewer new apps you install, the lower the risk.
  • Check the developer behind the app. Are they established and trustworthy? Do they have something to lose?
  • Check what permissions the app is asking for. Are these what you'd expect? For instance, a collaboration tool might need access to the phone functions or the internet, but would a standalone game?
  • If in doubt, say no to the download or modify the permissions (if you can) to only let it access the features you'd expect it to need.
  • If you are unsure about anything, seek advice from someone who knows what it all means - such as your IT manager, your IT supplier or an expert.

How sure can you be that a company promoting an app has not included hidden features or a developer has not included some malicious code? Software vendors with a track record of delivering solutions to businesses generally have the development disciplines in place to protect you from these risks, so beware the unproven startup or one man band developer.

Smart phone apps are extremely attractive, but it’s important not to forget that under the veneer of simplicity, IT is extremely complex. Your systems can be manipulated by people who understand that complexity, if they are left unchecked.

Paul Ridden is Managing Director of Skillweb, a privately owned, UK based business that provides technology solutions designed to help organisations manage their mobile workforces and track the movement of their goods.

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.