Secure cloud gateway solutions provider Zscaler, has announced the results of an analysis from ThreatLabZ, the company’s security research arm, which reveals that up to 10% of mobile apps expose user passwords and login names, 25% expose personally identifiable information and 40% communicate with third parties. The analysis was done using the new Zscaler Application Profiler (ZAP), a free online tool that is designed to allow users to assess mobile apps for security risks.

The ThreatLabZ team analyzed hundreds of applications, and found that many popular apps leave user names and passwords unencrypted, while others are insecurely sharing personal information—such as names, email addresses and phone numbers—as well as communicating with third parties, including advertisers.

“App stores have strict guidelines about which logos and colors developers can use, yet application security remains largely unenforced,” said Michael Sutton, vice president of Security Research at Zscaler. “Using ZAP, mobile app developers, users and corporate IT organizations can easily assess the security risks of apps before they are installed, and analyse installed apps for privacy violations.”

Zscaler’s Application Profiler is designed to allow users to search the name of any iOS or Android app, and receive an assessment of its security and privacy risks, along with an overall risk score. Users can also use ZAP to scan traffic from an app installed on their device to see whether their own data is being exposed.