Threat Category: Mobile OS & Vendor Infrastructure
ID: ECO-8
Threat Description: Mobile data and devices are subject to different laws and regulations (e.g., lawful intercept, IP, data privacy) from foreign nations, such as GDPR, which must be abided by.
Threat Origin
The State of the Mobile Ecosystem, Appthority Unveils New Security Research at Black Hat 1
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
As part of the app-vetting process, engage with app vendors to determine if data processed by the app may potentially be stored, temporarily or persisently, on systems located in areas that present unacceptible legal or privacy risks to enterprise data.
Before authorizing the use of mobile devices in areas outside of corporate control, understand the legal and privacy risks to enterprise data.
References
“The State of the Mobile Ecosystem”, 5 Aug. 2015, https://www.helpnetsecurity.com/2015/08/05/the-state-of-the-mobile-ecosystem/ [accessed 7/27/2022] ↩