Large global enterprises have on average more than 2,000 unsafe apps installed on staff mobile devices, according to research from the security vendor Veracode.
An analysis of 400,000 apps across Android and Apple phones showed employees were regularly using unsafe public source apps, potentially exposing their firms and themselves to data theft.
Chris Wysopal, CTO at Veracode, said: "Many mobile apps are unsafe because they unknowingly access insecure third-party libraries and frameworks in the software supply chain – while other apps have been specifically designed to perform malicious actions."
According the research 85% of the unsafe apps exposed sensitive data, including SIM card information, phone location, and contact books, whilst more than a third were programmed to share browser histories or calendar data with outsiders.
Just under two-fifths were also found to be undertaking "suspicious" actions, which included checking to see if the device was configured to download third-party apps, also known as "jailbreaking" or "rooting".
Previous research from Gartner has suggested that as many as three-quarters of mobile apps will fail basic security tests this year, and security analysts have warned users to check the permissions requests from unknown developers.
The study from Veracode focused purely on apps in use by the companies surveyed, in contrast to previous studies which have tended to look at the most popular apps on given digital stores.