Love is in the air — literally as well as figuratively.
With Valentine’s Day a few days away, dating apps are on the minds of more than a few employees. So now’s the time to remind them about safe mobile app practices. That includes having technology that ensures staff have separate personal and corporate containers for mobile apps, and allowing them to only download corporate apps from a company-run app store, or one approved by the enterprise.
In a survey last fall, IBM found that over 60 percent of the leading Android dating mobile apps it studied were potentially vulnerable to a variety of cyber-attacks that put personal user information and corporate data at risk.
Twenty-six of the 41 dating apps analyzed in the Google Play app store had either medium or high severity vulnerabilities, IBM said in a news release this week.
Some of the vulnerable apps could be reprogrammed by hackers to send an alert that asks users to click for an update or to retrieve a message that, in reality, is just a ploy to download malware onto their device.
IBM [NYSE: IBM] also found that 73 percent of the 41 popular dating apps analyzed had access to current and past GPS location information. Hackers can capture a user’s current and past GPS location information to find out where a user lives, works, or spends most of their time.
Almost half of the apps analyzed had access to a user’s billing information saved on their device. Where an app is poorly coded, an attacker could use a vulnerability in the dating app to gain access to billing information saved on the device’s mobile wallet and steal it to make unauthorized purchases.
All the vulnerabilities identified can allow a hacker to gain access to a phone’s camera or microphone even if the user is not logged into the app, opening the possibility of someone eavesdropping or tapping into confidential business meetings.
Some of the specific vulnerabilities identified on the at-risk dating apps include cross-site scripting via man-in-the-middle, debug flag enabled, weak random number generator and phishing via man-in-the-middle. When these vulnerabilities are exploited, an attacker can potentially use the mobile device to conduct attacks, IBM said.