“I get all my movies online for free”, exclaimed the person sitting across the table from me. I was chatting to an acquaintance who is trusting of technology and subscribes to the belief that a handset from one of the mainstream players such as Apple or Samsung is virtually impenetrable to attack. The conversation up to this point had involved the benefits of paying for services such as Netflix and Spotify versus downloading everything for free. Setting aside the moral angle and legality of the “downloading” approach, I was horrified when he showed me the folder of apps on his Galaxy S9 which was dedicated to acquiring movies and music. Mistaking my expression of horror for an expression of confusion, he set my mind at ease. “Don’t worry, it isn’t difficult”, he said.
I watched as he opened a torrent app, searched for a torrent of a movie we had been discussing earlier and within minutes he had downloaded it to his phone. In all honesty it was an impressive sight. He then prompted me to search for the same movie on Netflix, which I did without success. “This is better, it works”, he said with a dash of delight in his voice. What followed next was a string of offers to “set it up for you on your phone”, all of which I respectfully declined.
The next day I thought about how different our views were on security and acquisition of media from our respective sources. Some people pay and some people do not pay. Some people like the convenience of a Netflix type experience and some people prefer to spend a little time digging around websites to find links to places they can acquire their movie at no cost. Then it occurred to me: both of our devices are business phones provided by our respective employers. With that in mind the stakes suddenly got higher. This guy is downloading copyrighted content using a business device, potentially over a network provided by his employer, using apps that could have security issues. I sent him a message asking, “how secure are those apps you were using to download the movies?” and he replied, “never had a problem with them, they are from the Play Store”. Employee perception here is key. He sees no issue with the apps and he trusts the platform he got them from. So what else was there to do? I decided to install the apps and try them out.
First things first, I went on to the Play Store and searched for torrent. I downloaded the most popular result, which as of this morning the default security scanning application on my Galaxy Note 9 sees no problem with. I searched the web for a torrent of an old movie and got a link which I put into the torrent app and clicked download… Then a funny thing happened. The Corrata app which monitors network traffic on my business device threw a notification on screen advising me that malicious content had been blocked and my IT admin had been notified. Upon further inspection, I learned not only that torrent apps have been blocked in our mobile Internet policy, which prevented the torrent app from working, but also that the torrent app had tried to reach out to a number of bad places online, including to a fraudulent ad rotation service which is known to push tech-support scams among other bad stuff. I sent an email to our IT admin advising that I was doing some testing and he may see some notifications on my account – sounds plausible as I was trying this out early in the day and not late on Saturday night while in a bar!
The main learning for me here is that an app which is in a legitimate app store and is scanned by a phone and reported as okay can take a device to bad places online without the user knowing and expose them and their business to security issues. The casual way in which these apps are being installed and used is very concerning: end users simply trust their handsets and expect that they will be protected from issues that may arise from time to time.
On a more positive note I was very impressed with the performance of Corrata during my test. The service is designed to live in the background and protect users from security threats and also from their relatively innocent missteps as they use their business device. When the notification popped up on my device advising me of this blocked malicious content I was alarmed enough to immediately close the app and remove it.
Quick questions – Have any of your friends/family/acquaintances ever told you how easy it is to stream or download movies and music? Do you think having protections on business devices is important?
By Dylan Fermoyle, VP Sales at Corrata
To find out more about how Corrata’s solution could help protect your organization’s mobile devices from threats like unofficial apps or malicious downloads, visit www.corrata.com or email us at firstname.lastname@example.org.