Mobilisafe Study: Android Apps Show More Security Holes
Chalk up another one for those control freaks at Apple.
In a recent study of small and medium-sized businesses, Seattle startup Mobilisafe found that security vulnerabilities on Apple’s mobile devices were largely tied to the company’s iOS platform. The apps that run on those devices, subject to Apple’s picky curation policies, barely registered as security risks.
On Google’s more widely seeded Android platform, the difference was striking: Apps for Android devices made up about half of the security holes found in the study, Mobilisafe CEO Giri Sreenivas says.
“This is of particular concern, given that the Android market is relatively unregulated, relatively uncurated as opposed to the iOS App Store,” Sreenivas says.
That doesn’t mean, however, that IT guys are jumping for joy if their company’s employees are mostly Apple fans. Mobilisafe’s study, which tracked nearly 40 million individual connections to business IT networks, found 71 percent of all devices had “high severity” vulnerabilities that could allow a hacker to gain access to the device with relative ease. And new high severity vulnerabilities were seen on average every 1.6 days.
It’s the dicey side of a huge influx of personal mobile devices in the workplace, known as the “bring your own device” trend, which businesses are just beginning to face—analysts predict that mobile users will surpass traditional PC and laptop users in short order.
Mobilisafe is among the companies hoping to build a business on this trend by offering companies a simple way of managing the array of workers’ personal devices connecting to employer IT networks. The company, started by veterans of the mobile industry who came most recently from T-Mobile, is backed by Madrona Venture Group and John Stanton’s Trilogy Equity Partners.
Previously in a private beta test, Mobilisafe is now open for “early adopter” signups from small and medium-sized businesses. And the startup is talking a bit more about what its software-as-a-service product will look like.
Mobilisafe employs traffic filters that identify the mobile devices connecting to a company’s IT network. While I couldn’t find pricing data on the website, Mobilisafe does say that it offers protection “on a per enterprise application basis,” which means businesses can use it to protect individual programs that employees might access, like email or contact-management systems. It also integrates with employee directory software to associate individual devices with the employees using them.
IT professionals get a simple display that shows individual devices, the person using them, and a score that indicates how risky the device is. Once those are identified, the IT department can send an email asking a user to make security upgrades and give the device a certain period of time to make the fix before cutting it off.
Although the company’s study found a growing number of serious security holes, Sreenivas says there’s good news—most of those vulnerabilities can be addressed by getting employees to update their device to the latest operating system firmware, which fixes known holes. But Sreenivas says there’s just not enough transparency about the problem at present.
“It was pretty clear from our conversations that SMBs [small and medium-sized businesses] didn’t feel like they had any tools that did anything like this,” he says.
Sreenivas says Mobilisafe is differentiating itself by focusing on small and medium-sized businesses, and figures to have an advantage with its team’s specific experience in the mobile realm. Sreenivas and co-founder Dirk Sigurdson joined T-Mobile at about the same time in 2008, and worked together on the Android software development team.
“The mobile ecosystem is a very different animal compared to the laptop, desktop, and server space,” Sreenivas says. “We have significant experience navigating that ecosystem for over a decade. We understand that space very well, and we think that’s going to continue to give us a leg up.”