March Madness Apps May Create BYOD Risk for Enterprises

Monday, March 14, 2016

InfosecIsland News


Unbeknownst to Employees, the Behaviors and Functions of Widely Used March Madness Sport and Media Apps May Violate Corporate BYOD Risk Policies

As American employees succumb to the frenzy of NCAA Basketball March Madness -- the growing roster of mobile apps feeding their obsession could pose a security risk to organizations if used on employer-issued devices or employee-owned, BYOD devices capable of accessing corporate data. According to a new report from Application Readiness expert, Flexera Software, many of the apps popularly used by employees to do everything from create brackets to follow their favorite NCAA teams -- could exhibit behaviors that violate corporate risk policies.

"Many of employees' favorite March Madness apps are able to do things like access their device's calendars, contact lists, address books, and social media accounts such as Facebook and Twitter. Some can also track employees' locations or access the device's texting capabilities," said Maureen Polte, Vice President of Product Management at Flexera Software. "Before CIOs can evaluate potential risk -- they must first understand what these apps do, the data they can interact with and the device functions they can activate."

The report found that of the 28 popular Apple iOS March Madness apps tested1:

  • 89 percent, including Daily Bracket, ESPN and March Madness Live, support advertising networks.
  • 79 percent, including CBS Sports, Dish and Tournament Challenge are capable of accessing the device's location tracking functionality.
  • 71 percent, including CBS Sports, Daily Bracket and March Madness Live are capable of accessing and sharing data with social networking sites connected to the device.
  • 68 percent, including ESPN, Sports Feed and Twitter can access the device's SMS texting functionality. 
  • 61 percent, including CBS Sports, ESPN and March Madness Live can access the device's calendar.

"These app behaviors and functions may or may not be risky for particular organizations -- depending on their definitions of risk. What may be considered safe for a manufacturing company may be risky for a financial institution," added Polte. "So, it's critical for CIO's to avoid potential risk and embarrassment by establishing their own BYOD risk profiles and policies, and then testing the apps used on BYOD devices to understand which ones violate those policies."

To compile the report, Flexera Software identified 28 popular March Madness, sports and media apps, representing a small sampling of those that can be found in the Apple App Store and that could easily be downloaded by employees to a corporate-issued or BYOD device. These apps were tested using AdminStudio Mobile, an Application Readiness solution that helps organizations identify, manage, track and report on mobile apps, simplify mobile application management, reduce mobile app risk and address the rapidly growing demand for mobile apps in the enterprise. 

Download the Report

SourceFlexera Software

Possibly Related Articles:
March Madness risks NCAA technology
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.