NowSecure, the recognized leader in Mobile Application Risk Management (MARM), announced the launch of NowSecure Mobile Application Risk Checker (MARC), the first and only free public risk checker for mobile applications. MARC delivers actionable insights on thousands of mobile apps so IT risk, privacy and security professionals can quickly recognize sources of mobile app risk in order to uncover, understand and address them.
“Mobile app data is as sensitive and business-critical as it gets, yet relative to web and cloud application development, there’s a glaring lack of attention given to managing data security and privacy risk both within the app itself and with 3rd parties,” said NowSecure CEO Alan Snyder. “We launched MARC as a free public service to raise awareness of this critical business and consumer risk.”
Introducing NowSecure MARC (Mobile Application Risk Checker)
While it’s common for mobile apps to contain or have access to highly sensitive data for a variety of reasons, such as executing financial transactions or managing personal health information, organizations rarely have visibility into the third-party components developers use to build them. Recent NowSecure research shows these components often contain hidden data flows that expose organizations to theft, leakage and loss. The uptick in mobile app-related breaches combined with the wave of new data privacy regulations underscores a simple truth: mobile application risk is data risk.
MARC is NowSecure’s public database of thousands of apps, downloaded and tested from the Apple App Store and Google Play (no customer-provided data is included). Users can view actual application properties and behavior to spot potential issues by reviewing a list of observed properties and granular results across five high-level risk vectors:
- Permissions: What data is the app able to access? If not managed properly, dangerous permissions can permit malicious access to sensitive data and device features.
- Sensitive data collection and sharing: What sensitive data is observed in the app? Just as critically, if private data is not carefully managed, it can expose enterprises, customers, employees and partners to breaches and compliance violations.
- Privacy declarations: Does the app do what the developer says it does with user data? Although required for listing in Apple and Google app stores, declarations on how apps collect and use sensitive data are often incomplete. Users are unaware of sensitive data collections, processing and where it’s being sent.
- Network connections: Where is the app sending data? Uncontrolled communication with external servers by an employee-used app could expose sensitive business data to unauthorized third parties. This unauthorized access can lead to data breaches, regulatory non-compliance and damage to business reputation and revenue.
- AI: Does the app contain AI(s)? AI-powered features can process sensitive data in unexpected ways, potentially exposing proprietary information or creating liability.
MARC’s findings do not inherently categorize an application as high or low risk. The determination of risk should be made by the user, considering the application’s criticality, the information it collects, stores, and shares, and the developer’s obligations. Furthermore, only publicly available information and resources were utilized to generate these results, and no customer data was employed in this testing.
Source: PRNewswire