Threat Category: Enterprise Mobility
ID: EMM-10
Threat Description: Enterprises may install insecure internally developed enterprise applications onto enrolled devices via mobile application management (MAM) policy.
Threat Origin
Mobile Top Ten 2016 [1]
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
Prior to deployment, ensure internally developed apps are evaluated with rigor, such as by using app-vetting services to establish confidence they present minimal risk to the enterprise and device users.
Consider the use of container solutions, such as Android for Work, that can prevent launching of managed apps when the device user is not authenticated to the work-centric container, thus minimizing the risk those apps present to the user outside of a work context.
Mobile Device User
For device users with concerns about the security implications of a mandatory enterprise app during personal use of the device, restrict its permissions or, if possible, temporarily disable it when operating the device in a personal context.
References
[1] Mobile Top 10 2016, Mar. 2016; www.owasp.org/index.php/Mobile_Top_10_2016-Top_10 [accessed 8/23/2016]