PriveSec Report. The app trap

16 August 2018

Peter Matthews, Metro CEO, in Priv Sec Report discussing the security implications of consumer apps.


The app trap: Why consumer messaging apps raise business data security fears

Consumer apps such as WhatsApp are widely used by businesses as a free and easy method of mobile communication, but they have a downside – they aren’t fully secure and they aren’t GDPR compliant when used in the work place.

In July 2018 WhatsApp was named by mobile device security company, Appthority, as one of the apps most often blacklisted by businesses. The reasons companies gave for avoiding a range of different apps included concerns around information security, particularly where contacts, location and other sensitive data could be accessed. Facebook Messenger was also high on the list.

These issues aren’t new. WhatsApp, for example, was never built for business. It has been widely adopted by companies because its user-friendly services – including instant messaging, voice calls and group chats – help senior managers, fieldworkers and everyone in between stay productive on the move. But for the reasons highlighted by Appthority, businesses are starting to turn against it.

German automotive company Continental AG banned WhatsApp and Snapchat from an estimated 36,000 company devices in June 2018 after information security concerns were repeatedly raised in the courts and by data protection authorities.

Continental’s main concern was that the apps access the sender’s address book without the permission of those listed. Once those contacts are in the hands of WhatsApp (now owned by Facebook) you can’t fully control who they will be shared with or, in the future, sold to.

Inadvertently surrendering the control of data is, of course, completely at odds with data protection principles. Look at it this way, how could you correct or delete data or stop it being used for marketing purposes if you don’t know where it’s gone, have no control over it and aren’t authorised to get it back?

To read more please go to the Priv Sec Report.