Zimperium Application Vetting

Personal Apps Installed on Employee Devices Pose a Threat

To foster workplace productivity, public and private organizations need mobile access to enterprise resources. Access to work-related information is often provided by mobile apps, whether created internally or purchased from third parties. However, allowing Bring Your Own (BYO) or Government Furnished Equipment (GFE) devices to download apps for personal use puts the enterprise at risk. Enterprises quickly find themselves lacking control over which public apps employees download, leaving them with a tough choice: to retract enterprise access, compromising productivity, or to risk potential security vulnerabilities. Navigating this delicate balance requires thoughtful strategies and robust security measures.

Ensure Third-party Work Apps Keep Enterprise Data Safe

Organizations heavily rely on third-party apps for critical functions like CRM, collaboration, messaging, bug tracking, clinical trials, and expense management. The challenge lies in the limited visibility into the security posture of these apps, posing risks to the sensitive data they process and critical backend systems to which they connect. More due diligence is needed to ensure third-party apps are built to keep data safe, defend against attacks, and comply with industry standards.

Why Third-Party Apps Need a “Nutrition” Label

  • Tradeoffs between security and functionality
  • Contains third-party components that are vulnerable
  • Use device features in a manner that jeopardizes privacy
  • Infected with malware and spyware functionality
  • Comply with regulations and standards
  • Connect to potentially unsafe servers

Ongoing App Analysis

Zimperium’s z3A solution provides deep intelligence, including contextual analysis along with privacy and security ratings. z3A leverages our robust app analysis engine, APPVisualizer®, to provide powerful mobile application vetting capabilities. The engine detects security and privacy risks by continuously gathering and correlating data from various sources, including malware and data manipulation instances. Through multivariate tests and validations, potential risks are identified before they become threats.

Zimperium’s z3A:

  • Privacy Assessment & Ratings – A privacy summary focused on the application’s access to privacy data, including (but not limited to): user data, contacts, user identifiers, adware, SMS, and insecure data storage.
  • Security Assessment & Ratings – The security summary focuses on risks contained in the application. These risks include (but are not limited to): risky functionality and code use, application capabilities, critical vulnerabilities and threats.
  • Malware Classification – Determines whether the app contains any malicious code patterns.
  • Identify Non-Compliant Apps – Automatically detects non-compliant apps with predefined rule-driven policies.
  • Reports – The executive and technical reports provide summaries, details, and risk scores.

Why Zimperium z3A is Different

Identifies third-party vulnerabilities & unauthorized behaviours

Provides visibility into potentially risky features and permissions

Identifies insufficient data protection measures

Integrates with EMM tools for automatic app assessment

Informs you if the app employs insecure storage, communication, or transmission methods

Reports in JSON, SARIF, and PDF formats

“z3A reports showed immediate value by identifying security risks in consumer applications, and enabling app based policies to automate compliance.”

– CSO, U.S. Based Hospital Network