It's probably not too surprising these days to see Angry Birds right alongside a customer relationship management application. For the most part, it's acceptable to let employees enjoy a few physics puzzles over lunch. However, many mobile apps pose more of a risk to user privacy than they advertise.
As Bloomberg blogger Jordan Robertson noted, many third-party Android app developers were recently chastised for lacking clarity in regard to data privacy. Although they mostly fell short of being classified as "malicious," as many as 100,000 apps may be guilty of "suspicious" activity such as harvesting contact lists and browsing content in employees' emails.
"The findings illustrate a reality of the application economy: having a vast amount of third-party applications is both good and bad for consumers," Robertson wrote. "With so many unknown developers writing software for smartphones, users must be vigilant about monitoring what permissions they’re granting when they download new programs."
As Robertson's comments suggest, stealing important corporate data has become a much more streamlined process than in days past. Attackers no longer have to breach the corporate walls with actual spies; they can now infect employee devices with malware that slips past a business's digital walls and collects information. Most of these applications may well use data harmlessly, but few businesses are likely to be comfortable with the idea that the contents of company emails and data stored on their employees' devices may be sent to a server on the other side of the country.
A better mobile security paradigm
One of the primary challenges businesses face as they leverage trends such as bring-your-own-device is that relying entirely on device-centric solutions often leaves data security gaps. Highlighting the need for better solutions, the National Institute of Standards and Technology recently published a draft of new mobile security guidelines.
"Many current mobile devices lack a firm foundation from which to build security and trust," said NIST lead for Hardware-Rooted Security Andrew Regenscheid. "These guidelines are intended to help designers of next-generation mobile phones and tablets improve security through the use of highly trustworthy components, called roots of trust, that perform vital security functions."
NIST highlighted several areas in which organizations can ensure better data security on mobile devices. In addition to protecting the smartphones and tablets themselves, sensitive information sent to mobile devices should be isolated and protected using data encryption software so that other programs can't access corporate assets.


