Corporate IT: Beware the dating apps on your users' phones

11.02.2015
Security-conscious IT leaders already have a rocky romance with the BYOD trend, and as Valentine's day approaches it's emerged that lonely-heart employees could be putting company data up for grabs by using dating apps.

More than 60 percent of the leading mobile apps available in this category are potentially vulnerable to a variety of cyberattacks, an IBM Security study found. Besides putting the user's personal information at risk, if these apps are on devices also used for work, corporate data could be vulnerable.

Think it's unlikely Think again: Dating apps are already being used on employee devices at a full half of the enterprises IBM surveyed.

To conduct the study, researchers analyzed the dating apps available in the Google Play app store in October 2014. Out of 41 dating apps they looked at, 26 had either medium or high-severity vulnerabilities.

What that meant, specifically, was that the apps could be used to download malware, steal financial information or track the user's whereabouts. Even when the user isn't logged into the app, hackers could gain access to the phone's camera or microphone and eavesdrop on confidential business meetings, IBM said.

Though the insecure apps IBM found were all on the official Google Play store, it's also a good idea to restrict employees' app downloads to authorized sources, the company said.

Other advice for IT managers:

-- use some form of mobile device management tool that includes security capabilities;

-- educate users about potential dangers and make sure they understand what it means when they grant permissions to mobile apps;

-- set automated policies on smartphones and tablets so that if a device is found to be compromised, action can be taken immediately.

Katherine Noyes