Mobile App Security
Security is, unsurprisingly, the issue that most people in our world are worried about and focus on. (In fact, earlier this year, we devoted an entire series to issues of security and how we’re addressing them.)
Of course, the security and threat landscapes have changed pretty significantly in the last 10 years as devices have grown more sophisticated, and concerns about privacy have increased.
When Android and iOS were first becoming popular—let’s say 7 to 10 years ago—every device was assigned a UDID (Unique Device Identifier on iOS) or UID (User Identifier, or Android Identifier, both on Android). The general UID concept was extremely useful for security, as it allowed administrators to easily identify users, and tie together a cert to that person that dictated what they could or could not have access to.
The trouble is that UIDs are also tremendously useful for marketing. As information shared by one app was linked to others, it quickly got misused. Marketers used the UID to garner insights about users, at the expense of those users’ privacy. As a result, companies started to hide the UID. As you know, give anybody an inch, and they’ll take a mile.
As an app developer, you can get a UID for the apps you produce, but because of the misuse we just described, you can’t tie it to anything else. This is the right move from a privacy perspective—even if it frustrated many marketers—but it has the side effect of impacting enterprise mobility.
Where before, IT administrators managing enterprise mobility efforts had the ability to tie discrete device identifiers to users and other apps, since the phase-out of the ubiquitous UID, the only way to replicate that process currently is through the heavyweight MDM. As we’ve discussed before, MDM is a clumsy solution for many organizations, and requires implementing security measures that many users may not be comfortable with.
So: how do you manage which users are allowed to access which apps if you don’t have a good way of keeping track of who they are?
At App47, we’ve figured it out. Our MAM-centric, enterprise app store-based approach is a surefire way to manage the security needs of a modern organization, while still navigating the complex privacy needs of today’s users. Want to learn more about how we do it? Contact us today.
—