Zimperium Application Vetting
Personal Apps Installed on Employee Devices Pose a Threat
To foster workplace productivity, public and private organizations need mobile access to enterprise resources. Access to work-related information is often provided by mobile apps, whether created internally or purchased from third parties. However, allowing Bring Your Own (BYO) or Government Furnished Equipment (GFE) devices to download apps for personal use puts the enterprise at risk. Enterprises quickly find themselves lacking control over which public apps employees download, leaving them with a tough choice: to retract enterprise access, compromising productivity, or to risk potential security vulnerabilities. Navigating this delicate balance requires thoughtful strategies and robust security measures.
Ensure Third-party Work Apps Keep Enterprise Data Safe
Organizations heavily rely on third-party apps for critical functions like CRM, collaboration, messaging, bug tracking, clinical trials, and expense management. The challenge lies in the limited visibility into the security posture of these apps, posing risks to the sensitive data they process and critical backend systems to which they connect. More due diligence is needed to ensure third-party apps are built to keep data safe, defend against attacks, and comply with industry standards.
Why Third-Party Apps Need a “Nutrition” Label
 |
Tradeoffs between security and functionality |
|
Contains third-party components that are vulnerable |
|
Use device features in a manner that jeopardizes privacy |
|
Infected with malware and spyware functionality |
|
Comply with regulations and standards |
|
Connect to potentially unsafe servers |
Ongoing App Analysis
Zimperium’s z3A solution provides deep intelligence, including contextual analysis along with privacy and security ratings. z3A leverages our robust app analysis engine, APPVisualizer®, to provide powerful mobile application vetting capabilities. The engine detects security and privacy risks by continuously gathering and correlating data from various sources, including malware and data manipulation instances. Through multivariate tests and validations, potential risks are identified before they become threats.
Zimperium’s z3A:
- Privacy Assessment & Ratings – A privacy summary focused on the application’s access to privacy data, including (but not limited to): user data, contacts, user identifiers, adware, SMS, and insecure data storage.
- Security Assessment & Ratings – The security summary focuses on risks contained in the application. These risks include (but are not limited to): risky functionality and code use, application capabilities, critical vulnerabilities and threats.
- Malware Classification – Determines whether the app contains any malicious code patterns.
Identify Non-Compliant Apps – Automatically detects non-compliant apps with predefined rule-driven policies. - Reports – The executive and technical reports provide summaries, details, and risk scores.
Why Zimperium z3A is Different
Identifies third-party vulnerabilities & unauthorized behaviours
Provides visibility into potentially risky features and permissions
Identifies insufficient data protection measures
Integrates with EMM tools for automatic app assessment
Informs you if the app employs insecure storage, communication, or transmission methods
Reports in JSON, SARIF, and PDF formats
“z3A reports showed immediate value by identifying security risks in consumer applications, and enabling app based policies to automate compliance.”
– CSO, U.S. Based Hospital Network
Recommended Reading
