Mobile App Misconfigurations Will Lead to Security Breaches | eWeek

Mobile App Misconfigurations Will Lead to Security Breaches

Mobile App Misconfigurations Will Lead to Security Breaches
Écrit par
Nathan Eddy
Nathan Eddy
Jun 2, 2014
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

By 2017, 75 percent of mobile security breaches will be the result of mobile application misconfiguration, according to a report from IT research firm Gartner.

In that same year, the company predicts that the focus of endpoint breaches will shift to tablets and smartphones, as the number of mobile devices being sold to consumers continues to rise—Gartner projects nearly 2.2 billion smartphones and tablets will be sold to users in 2014.

“Mobile security breaches are—and will continue to be—the result of misconfiguration and misuse on an app level, rather than the outcome of deeply technical attacks on mobile devices,” Dionisio Zumerle, principal research analyst at Gartner, said in a statement. “A classic example of misconfiguration is the misuse of personal cloud services through apps residing on smartphones and tablets. When used to convey enterprise data, these apps lead to data leaks that the organization remains unaware of for the majority of devices.”

Gartner said the best defense is to keep mobile devices fixed in a safe configuration by means of a mobile device management (MDM) policy, supplemented by app shielding and “containers” that protect important data.

Jailbreaking and rooting can also allow malware to be downloaded to the device and open it up to all sorts of malicious actions, including extraction of enterprise data. Rooted or jailbroken mobile devices also become prone to brute force attacks on passcodes.

“The most obvious platform compromises of this nature are jailbreaking on iOS or rooting on Android devices,” Zumerle said. “They escalate the user’s privileges on the device, effectively turning a user into an administrator.”

The report also pointed out that in order to do significant damage in the mobile world, malware needs to act on devices that have been altered at an administrative level.

To help prevent incidents, Gartner published a series of recommendations for security leaders to follow as an MDM or enterprise mobility management baseline for Android and Apple devices.

One of the ways IT security specialists can reduce the number of security breaches is by specifying minimum and maximum versions of platforms and operating systems and disallowing models that cannot be updated or supported.

Organizations should also require that device passcodes include length and complexity as well as strict retry and timeout standards, and require signed apps and certificates for access to business email, virtual private networks, WiFi and shielded apps.

Zumerle also recommended favoring mobile app reputation services and establish external malware control on content before it is delivered to the mobile device.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.