We have a BYOD policy and we need to amend our policy to include banned mobile apps due to security/privacy concerns, i.e. TikTok. Has anyone found a trustworthy and maintained list of apps your company should ban from mobile devices that access your information systems due to privacy and security concerns?

Global Chief Cybersecurity Strategist & CISO in Healthcare and Biotech, a year ago

I agree with Eric Bedell. You may also want to take a look at companies specializing in MTD solutions, such as Lookout, Zimperium, and Wandera, whose websites publish lists of apps with known security vulnerabilities or privacy issues. As an example, Lookout periodically updates their Mobile Risk Matrix, highlighting apps and behaviors that pose security risks. https://www.lookout.com/documents/datasheets/us/lookout-mobile-risk-matrix-bullet-points-infographic-tabloid-us.pdf

Chief Privacy Officer in Finance (non-banking), a year ago

I found it easier to use a whitelist instead of a blacklist.
First, this is more secure, and second, it requires less maintenance.

Senior VP & CISO, 2 years ago

We don’t ban, but we have a company App Store with all approved apps. We limit use of other app stores.

CISO @ Florida Gulf Coast University in Education, 2 years ago

Some US states, like Texas and Florida, are starting to build such lists with technology and services that are considered "bad". Some parts of the US Federal Government have started publishing technology lists that are considered banned.

https://www.tampabay.com/news/florida-politics/2023/05/02/desantis-drones-police-chinese-dji-american-security/
https://www.cnn.com/2023/04/07/business/tik-tok-florida-ban-state-universities/index.html

The lists are out there, although there is no one list you can follow.

I do agree with everyone else on here though; doing this on personal devices is a bit odd. If anything, you should consider restricting the services on your corporate/guest networks, so that if someone uses a BYO device you do not need to worry about what is on there, but rather prevent it from accessing those services, and ensure none of your data ends up on those devices.

Former CISO, VP in IT Services, 2 years ago

There is no silver bullet of a trustworthy, maintained list of apps - it all depends on your company's risk tolerance for what information / activity is gathered and used according to the actual terms & conditions. That is assuming someone in business/risk management has read the T&Cs to develop a position. :-)
