NowSecure, a recognized leader in Mobile Application Risk Management (MARM), unveiled NowSecure Mobile Application Risk Checker (MARC), the first and only free public risk assessment tool for mobile applications. MARC provides actionable insights into thousands of mobile apps, enabling IT, security, and privacy professionals to quickly identify, understand, and mitigate mobile app-related risks.
“Mobile app data is as sensitive and business-critical as it gets, yet relative to web and cloud application development, there’s a glaring lack of attention given to managing data security and privacy risk both within the app itself and with 3rd parties,” said NowSecure CEO Alan Snyder. “We launched MARC as a free public service to raise awareness of this critical business and consumer risk.”
Introducing NowSecure MARC (Mobile Application Risk Checker)
Mobile applications often handle highly sensitive information, from financial transactions to personal health data. However, organizations typically lack visibility into the third-party components developers use to build these apps. Recent NowSecure research indicates that these components frequently contain hidden data flows that can expose businesses to data theft, leakage, and loss. The rising number of mobile app breaches, coupled with evolving data privacy regulations, emphasizes a key reality: mobile application risk is essentially data risk.
MARC is a publicly accessible database featuring thousands of apps downloaded and tested from the Apple App Store and Google Play, without using any customer-provided data. Users can examine actual application properties and behavior, reviewing granular results across five major risk vectors:
-
Permissions: What data can the app access Improperly managed permissions may allow malicious access to sensitive data and device features.
-
Sensitive data collection and sharing: What private data does the app handle, and how is it managed Poor handling can expose enterprises, customers, employees, and partners to breaches and compliance violations.
-
Privacy declarations: Does the app operate in line with the developer’s stated data practices App store requirements often lead to incomplete or unclear declarations, leaving users unaware of sensitive data collection and processing.
-
Network connections: Where does the app send data Uncontrolled communications with external servers could expose critical business information to unauthorized third parties, potentially causing regulatory, reputational, and financial harm.
-
AI usage: Does the app incorporate AI features AI-powered functions may process sensitive data unpredictably, risking exposure of proprietary information or liability concerns.’
Also Read: OneSpan Partners with ThreatFabric to Boost Fraud Prevention
MARC does not label apps as high or low risk; instead, users determine the risk based on the app’s criticality, the data it collects, and the developer’s obligations. All insights are derived from publicly available information, ensuring no customer data is involved in the evaluation process.
By offering this free resource, NowSecure empowers organizations to proactively manage mobile app risk, strengthen data security, and maintain compliance in an increasingly mobile-first digital landscape.