Smartphone apps could pose serious business risks

Smartphone applications could pose a significant threat to a company's IT system in terms of security, availability or airtime costs if left unchecked. This is the opinion of Paul Ridden, Managing Director of mobile computing firm Skillweb, who believes that in a worst case scenario valuable and sensitive data could be at risk if businesses allow employees to download and install apps at will to personal and work devices.

"Whilst smartphone settings can vary from device to device, all potentially leave a company open to abuse, if the downloader does not check the resource permissions requested by the app. Furthermore, everyone has at some point skipped through terms and conditions to save time which now often include these permissions, but this could mean unwittingly giving an app control over sensitive data or the phone itself," explains Ridden.

The security controls are the only means by which a software developer is restricted from taking control. Although an app may appear to be a harmless game or a useful productivity tool, there is nothing to stop a developer from including programming code, which could send a text message, make a phone call or even read data from storage and upload data files to an external server. Therefore, a business and its employees should consider some simple steps to minimise the risk:

1. Only consider apps from credible sources
2. Ask yourself do I really need this app
3. Check the developer to see if they are trustworthy and have something to lose if they are found out
4. Check what permissions the app is asking for and if these are expected (a collaboration tool might need access to the phone or the Internet, but would a standalone game?)
5. If in doubt say no to the download or modify the permissions (if you can) to only let it access the expected features
6. If you are unsure seek advice from someone who knows what it all means such as your IT department, your software partner or an expert

Ridden concludes: "How sure can you be that a company promoting an app has not included hidden features or a developer has included some malicious code? Software vendors like Skillweb who deliver solutions to enterprise businesses generally have the development disciplines in place to protect you from these risks so beware the unproven startup or one man band developer."

"The powerful combination of Smartphone and downloadable apps is extremely attractive, but it's important not to forget that under the veneer of simplicity IT is extremely complex and your systems can be manipulated by those that understand the complexity if they are left unchecked."