ThreatList: Popular Apps Get Enterprise Blacklisted

Mobile apps on BYOD handhelds tend to keep enterprise security pros worried. Between apps that are malicious, others that leak data and ones with pushy permissions – it’s hard to determine what’s safe and what might violate company rules.

On Wednesday, Appthority released its annual list of the most popular apps used in the enterprise. Of those most popular apps, Appthority then determined which ones were the riskiest and most often blacklisted.

“This quarter, we continued to see enterprises being exposed to data leakage and privacy risks from many commonly used apps, particularly chat apps,” Jill Richards, head of marketing for Appthority, wrote.

For iOS devices, WhatsApp Messenger, Facebook Messenger, and Waze topped the list as the riskiest apps most often found in the enterprise. For Android, the riskiest apps were WhatsApp Messenger, Facebook Messenger, instant messaging and VoIP service Telegram.

Top app categories blacklisted by enterprises were messaging, social networking and dating apps.

“Enterprises blacklist apps for a variety of security concerns including specific malicious or data leakage behaviors, security policy compliance, and concerns about data handling,” researchers wrote.

Top three Android blacklisted apps were Facebook Messenger, Wickr Me and WhatsApp Messenger. Facebook Messenger, WhatsApp Messenger and Tinder were the top three iOS apps.

Appthority said both Waze and Telegram were new to the list compared to last year’s roundup. Apps were dinged, according to Appthority, because they were caught sending address books and sending SMS messages and disabling default HTTPS encryption.

“For iOS, apps scored in the data leakage range for sending the device name, in the vulnerability range for using JSPatch for hot patching (which is no longer allowed in apps on the App Store) and in the suspicious range for accessing location,” report authors wrote.