The Mobile Threats Lurking In Our Applications

Author: Sachin Sharma

Sachin Sharma is a product line marketing manager for VMware EUC, including VMware App Volumes. Prior to VMware, he was senior systems engineer at Wanova, which VMware acquired and developed into VMware Mirage. He has over 12 years of IT, systems management, engineering and consulting experience, including Nimsoft.

Vivien Raoul, Pradeo co-founder & CTO, urges enterprises to consider the mobile threats that arise from applications and shares insights from Pradeo’s 2018 Mobile Threat Landscape Report.

Last year, mobile applications were the target of choice for cybercriminals, with 86% of mobile threats using them as an attack vector. To get an accurate overview of mobile threats, it helps to look at how mobile applications can jeopardize data privacy. A mobile application can threaten users in two different ways:

  • By performing malicious or unwanted actions: in this case, the nature of the app is compromised. Hidden behind a front (game, tool…), the app’s purpose is to steal sensitive data.
  • By being vulnerable to attacks: this occurs when an app is developed with security flaws that hackers can exploit to access private data.

Pradeo’s researchers recently published a report on the mobile threats currently surrounding enterprises, with a focus on data privacy violations, malware and Open Web Application Security Project (OWASP) vulnerabilities related to mobile apps. This article features some of our findings.

Download Pradeo’s latest report: Mobile Threat Landscape 2018

Data privacy violations, the biggest mobile threat

Far ahead of network exploits, OS manipulations and malware, data privacy violation is the main threat our mobile data is exposed to, with 61% of Android mobile applications and 36% of iOS mobile applications sending data through remote servers. Most of the time, data is sent by libraries included in mobile applications for tracking and marketing purposes. However, Pradeo identified that 16.8% of applications establish connections to uncertified suspicious servers. Discover what data is sent to the network in the full report.

Health and bank data are a privileged target

The Pradeo lab observed a jump in overlay malware among zero-day threats in the last 6 months.

Overlay malware is designed to mimic legitimate applications to harvest credentials. It tricks users into entering sensitive data in a fake window, then collects the data and forwards it to a remote attacker. 83% of these malware samples target bank and health apps, industries where data theft is predicted to grow.

OWASP vulnerabilities, the cost of negligence

Every month, thousands of mobile applications are released, and the number of apps available on popular marketplaces or stores is currently estimated to be over 4 million. In a recent study, the Ponemon Institute identified that only 29% of mobile applications are being tested for flaws. The lack of security measures during the app development life cycle results in 31% of mobile applications hosting OWASP vulnerabilities, exposing them to Man-In-The-Middle attacks, data leakage, denial of service, and more.

VMware Workspace ONE and Pradeo MTD can help with end-to-end protection of mobile endpoints

Pradeo Security Mobile Threat Defense integrates with Workspace ONE to identify and block threats on users’ devices. Non-compliant devices and applications are automatically synchronized on the Workspace ONE platform to reduce risk of mobile threats and provide a complete view. Learn more about the integration here.

About Pradeo

As a member of the VMware Mobile Security Alliance, Pradeo helps companies meet end-to-end mobile security requirements. Pradeo provides a set of solutions, including mobile endpoint security, runtime application self-protection and mobile application security testing, to identify security flaws, set a robust security framework and automatically prevent attacks. Pradeo next-generation technology, recognized by Gartner for the fourth consecutive year, provides reliable threat detection thanks to its patented artificial intelligence process.

Interested in learning more about Pradeo? Check out and the VMware Workspace ONE Marketplace for more information.

Pradeo’s Mobile Threat Landscape report is based on a sample of 2 million Android and iOS mobile applications, analyzed by Pradeo’s Artificial Intelligence engine. Get more details about the mobile threat environment currently surrounding us in the full report.

About the Author

Since 2008, Vivien Raoul, Pradeo’s co-founder and chief technical officer, has committed himself to creating a next-generation technology that provides reliable mobile device threat detection and master applications. Pradeo Security solution is the result of several years of research and development and takes mobile security to the next level.
