Enterprise operations are often executed across a range of users, software, and devices. Increasingly, enterprise operations are at least partially executed on mobile devices (e.g., smartphones, tablets). This trend is often referred to as the “mobile first” strategy. Consequently, an increasing number of enterprises are supporting a bring your own device (BYOD) strategy, in which employees use their own, personal devices to perform work-related tasks. In some instances, enterprises provide mobile device to their employees (or at least a portion of their employees).
In view of security threats (e.g., malicious users trying to hack into enterprises), enterprises need to carefully select which mobile applications can be installed on a device that is also used for enterprise operations. Here, neither a manual white-listing approach (e.g., explicitly specifying which mobile applications employees are allowed to install) nor a manual black-listing approach (e.g., explicitly specifying which mobile applications employees are not allowed to install) is not practical possible. For example, the sheer number of mobile applications released per day, results in white-lists being always too restrictive, and black-lists being outdated (and, thus, not effectively blocking insecure mobile applications). The effort for updating both black-lists and white-lists is extremely high, which reduces their business value even more.
In view of this, a solution is required that enables enterprise users to install all “harmless” (from a security perspective) mobile applications (e.g., mobile applications that do not endanger the security or privacy of the business data) from application stores (so-called “app stores”).