Appthority runs each app with both static analysis and dynamic analysis to determine what the app can do beyond its advertised main function (e.g., gaming, news services, productivity, etc.). Appthority analyzes an app to uncover, for example, what other apps it can communicate with; what backend systems, URLs or websites the app accesses; what permissions the app requests versus what permissions the app actually uses (because there’s often a mismatch there); what behaviors the app exhibits; and how the app is managing sensitive data, including whether or not it is using encryption.
This information is essential to enterprises that are trying to develop policy and manage mobile security, says Domingo Guerra, president and co-founder of Appthority. … “There are lots of technologies on the market that are policy enforcers, but they only enforce what you tell them to do.”
In the app reputation report released in July 2012, Appthority reported that 96% of iOS and 84% of Android apps can access at least one of these data risk categories.
Organizations that already use a mobile device management (MDM) or mobile app management (MAM) solution can incorporate Appthority’s app reputation information to help formulate policy of who can access what apps, and when.
To secure corporate content, networks and data, an enterprise really has to focus on risk management over that data, and what can access that data.
Link: http://www.networkworld.com/newsletters/techexec/2013/020113bestpractices.html