Mobile Threat Catalogue

Varying Mobile Data/Device Regulations

Contribute

Threat Category: Mobile OS & Vendor Infrastructure

ID: ECO-8

Threat Description: Mobile data and devices are subject to different laws and regulations (e.g., lawful intercept, IP, data privacy) from foreign nations, such as GDPR, which must be abided by.

Threat Origin

The State of the Mobile Ecosystem, Appthority Unveils New Security Research at Black Hat 1

Exploit Examples

Not Applicable

CVE Examples

Not Applicable

Possible Countermeasures

Enterprise

As part of the app-vetting process, engage with app vendors to determine if data processed by the app may potentially be stored, temporarily or persisently, on systems located in areas that present unacceptible legal or privacy risks to enterprise data.

Before authorizing the use of mobile devices in areas outside of corporate control, understand the legal and privacy risks to enterprise data.

References

  1. “The State of the Mobile Ecosystem”, 5 Aug. 2015, https://www.helpnetsecurity.com/2015/08/05/the-state-of-the-mobile-ecosystem/ [accessed 7/27/2022]