Apple is apparently planning to extend its iOS app privacy report deeper into the operating system.
“iOS and iPadOS 15.2 add support for App Privacy Report, a feature that Apple first highlighted back at WWDC. With App Privacy Report, you can see how often apps are accessing sensitive info granted to them through privacy permissions, such as location, camera, microphone, and contacts,” according to a report in MacRumors. “The feature also gives you details on the various domains that apps and websites are contacting, so you can keep an eye on what your apps are doing behind the scenes and where your data might be going.”
As more and more enterprise data is being routed through phones, both corporate-issued and employee-owned BYOD, how well is IT and the CISO’s office protectiong those devices and, therefore, that sensitive data? Reviewing that App Privacy Report regularly (say, how about weekly?) would be a terrific first step.
How can the report help? Several ways.
- Individual users —By reviewing that report — whether via direct IT download or by users being told to send a copy of the report to IT — it can help identify malware apps early, ideally limiting how much damage can be done.
- Enterprise users — By identifying the malware early, IT can place that app on its blacklist, hopefully protecting other users. More importantly, it can also blast the information to all users, preventing others from even downloading the app. That protects lots of users and, therefore, the enterprise.
- Broader industry —Once malware is identified, it can be shared with others in your vertical, and potentially other verticals. Apple and Google can be alerted, along with a wider number of users.
The premise behind anti-virus apps is that, to a limited degree, malware can only strike once or twice, hurting a relatively small number of victims. Once a victim reports it, it can be added to definition lists and then be blocked by far more users. A similar concept might work for malware hiding as mobile apps.
Advertisement
In their earliest years, smartphones controlled a small slice of the device space. But as the content created and distributed by desktops and laptops has rapidly given ground to mobile devices, the rules need to change. Malware affecting iOS and Android is no longer merely annoying. It can hit at the heart of IT operations today, which means taking more aggressive action than would have been needed a decade ago.