WhatsApp has the honor of being the most popular app on iOS enterprise devices, but also the most blacklisted app on enterprise networks.
This is one of the findings of the Appthority Enterprise Mobile Security Pulse Report for Q3 2017; a report put together by scanning millions of devices running the company’s mobile security solutions.
The gathered data allowed Appthority insight into the most popular apps that employees installed on work devices or on personal devices that they bring into enterprise networks via bring-your-own-device (BYOD), choose-your-own-device (CYOD) and corporate-owned, personally-enabled (COPE) policies.
According to Appthority, Uber, The Yellow Pages, and Facebook were the top three most popular apps installed on Android devices, while WhatsApp, Facebook Messenger, and Uber were the most popular apps on iOS.
Malware vectors, privacy leak risk apps top blacklisted chart
In addition to the most installed apps, Appthority also had an insight into applications blacklisted based on company-wide policies. These apps were blacklisted because of known vulnerabilities, potential leaks of sensitive data, or for being known malware infection vectors.
For example, the most blacklisted app on Android devices part of enterprise networks was an app named Poot-debug(W100).apk, a known rooting toolkit, known to be part of many malware-infected applications.
In fact, eight of the top 10 blacklisted apps on Android were known malware vectors, compared to iOS where apps deemed as a privacy risk dominated the top 10.
These iOS apps in the Appthority list are all known to collect and send user information to external servers. Collected data includes SMS messages, contact lists, location information, and more.
Companies dealing with sensitive business information find such apps to be a real risk; hence the reason most of them have been added to corporate blacklists.
Most apps collect and send data to US-based servers
In addition to documenting blacklisted apps that collect user data, Appthority also tracked where this information was being sent.
Surprisingly, most of the data didn’t go to China, as many expected, but to the US, who led the ranking on both Android and iOS. As for China, it ranked only 8th in the Android list and 10th in the iOS ranking.
The results should be taken with a grain of salt, but the findings should serve as a guide and reminder for security teams to assess the dangers that come with deploying a BOYD, CYOD, or COPE policy, and the need to blacklist applications from functioning while on work networks or on company-provided devices.