Threat Category: Enterprise Mobility
Threat Description: Enterprises may install insecure internally developed enterprise applications onto enrolled devices via mobile application management (MAM) policy.
Mobile Top Ten 2016 [1]
Prior to deployment, ensure internally developed apps are evaluated with rigor, such as by using app-vetting services to establish confidence they present minimal risk to the enterprise and device users.
Consider the use of container solutions, such as Android for Work, that can prevent launching of managed apps when the device user is not authenticated to the work-centric container, thus minimizing the risk those apps present to the user outside of a work context.
Mobile Device User
For device users with concerns about the security implications of a mandatory enterprise app during personal use of the device, restrict its permissions or, if possible, temporarily disable it when operating the device in a personal context.
[1] Mobile Top 10 2016, Mar. 2016; www.owasp.org/index.php/Mobile_Top_10_2016-Top_10 [accessed 8/23/2016]