Mobile Threat Catalogue

Improper Data Handling


Threat Category: Enterprise Mobility


Threat Description: Insecure handling of sensitive user data (e.g. domain authentication credentials) by EMM/MDM solution.

Threat Origin

Mobile Device Mismanagement 1

Exploit Examples

Not Applicable

CVE Examples

Not Applicable

Possible Countermeasures


Employ application vetting mechanisms on prospective EMM/MDM solutions to reduce the risk that sensitive data processed by the EMM/MDM is handled in an insecure fashion.

To reduce the impact of this threat, configure EMM solutions to capture the minimum set of user and device necessary to meet your broader mobile device security goals.

To limit the impact of the theft of credentials supplied to an EMM solution, configure user authentication from mobile devices to enterprise services to use one-time passwords or other replay-resistant cryptographic tokens.


  1. S. Breen, Mobile Device Mismanagement, presented at Blackhat, Aug. 2014; [accessed 8/23/2016]