I often write about emergency-response mobile applications new to the marketplace. The number of mobile apps available is mind-blowing, with about one million apps on the market and more than 1,500 being released every week.
Earlier this week, I wrote about Ping4alerts!, a free smartphone app that uses geo-location technology to alert residents of pending disasters in their specific location, such as tornados or terrorist attacks. I live in tornado alley, so I downloaded the app. But then a thought occurred to me: How would I know whether an app I downloaded was harmful to my smartphone and to the security of my personal data? How would I know whether or not the app passed the security test?
Some users assume security measures are built into a mobile app, but years of writing about technology turned me into a bit of a skeptic. So, I started to look for apps that can test the security of anything I downloaded. I found an app from Zscaler’s ThreatLabZ research arm, which recently unveiled the Zscaler Application Profiler. ZAP is a free tool that lets users check the security of any mobile app and assess its risk.
According to ThreatLabZ researchers, 10% of mobile apps leak unencrypted usernames and passwords, while 25% unveil information that can identify users personally, such as an e-mail address, home address, phone number and more. In addition, 40% communicate data with third parties. ZAP lets users search the name of any iOS or Android app and receive an assessment of its security risks, alongside an overall risk score. Users also can use ZAP to scan traffic from an app installed on their device to see whether their own data is being transmitted. Then, the ThreatLabZ team adds the results to the ZAP database, collecting the security profiles of thousands of mobile apps.
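As an added illustration (not part of the original post, and not ZAP's own code or method), the Python below checks captured app requests for the three behaviors the researchers describe: usernames and passwords sent without encryption, personally identifying fields, and data sent to third parties. The host names, field-name lists and sample requests are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: (url, body) pairs from a hypothetical app, not real traffic.
FIRST_PARTY = "example-alerts.test"  # assumed domain of the app's own backend
SAMPLE_REQUESTS = [
    ("http://api.example-alerts.test/login", "username=jdoe&password=hunter2"),
    ("https://api.example-alerts.test/profile", "email=jdoe%40example.com&phone=555-0100"),
    ("https://ads.tracker.test/pixel?device_id=abc123&email=jdoe%40example.com", ""),
    ("https://api.example-alerts.test/alerts?zip=73301", ""),
]

# Assumed field names; a real profiler would need a much broader list.
CREDENTIAL_KEYS = {"username", "user", "login", "password", "passwd", "pwd"}
PII_KEYS = {"email", "phone", "address", "home_address"}
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[a-z]{2,}", re.I)

def classify(url, body, first_party=FIRST_PARTY):
    """Return the set of findings for one captured request."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Inspect both the query string and a form-encoded body.
    fields = parse_qsl(parts.query) + parse_qsl(body)
    keys = {k.lower() for k, _ in fields}
    findings = set()
    # Credentials are only flagged here when the transport is plain HTTP.
    if parts.scheme == "http" and keys & CREDENTIAL_KEYS:
        findings.add("unencrypted-credentials")
    # PII is flagged by field name, or by a value that looks like an e-mail address.
    if keys & PII_KEYS or any(EMAIL_RE.fullmatch(v) for _, v in fields):
        findings.add("pii")
    # Any host outside the app's own domain counts as a third party.
    if host != first_party and not host.endswith("." + first_party):
        findings.add("third-party")
    return findings

def profile(requests):
    """Group request endpoints by finding across all captured requests."""
    report = {}
    for url, body in requests:
        for finding in classify(url, body):
            report.setdefault(finding, []).append(url.split("?")[0])
    return report

if __name__ == "__main__":
    for finding, urls in sorted(profile(SAMPLE_REQUESTS).items()):
        print(finding, "->", urls)
```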
So, next time I download the app I will have to trust the researchers who developed ZAP to help me sort out the security. Do you trust your apps or will you be trying ZAP? Tell us in the comment box below.
