We have a BYOD policy and we need to amend our policy to include banned mobile apps due to security/privacy concerns, i.e. TikTok.  Has anyone found a trustworthy and maintained list of apps your company should ban from mobile devices that access your information systems due to privacy and security concerns?

983 views2 Upvotes10 Comments

Senior Information Security Manager in Software, 501 - 1,000 employees
It’s hard to create a universal list, as there are so many variables between companies.

On the more aggressive end, a regulated financial services firm will pretty much prohibit almost everything. A public relations firm will have a much less aggressive stance.

Sorry for the vague response. But there are so many ‘it depends’ in the question that makes it hard to answer.
Director in Manufacturing, 1,001 - 5,000 employees
I didn’t work in mobility however our company tried BYOB with mobile app virtualization. I believe they tried VMwares product for mobile devices

Unfortunately our BYOB policy was very restrictive and almost nobody adopted BYOB for mobile devices.

I think the product offerings will improve with time, perhaps we tried too early (2018)

Our policy had a no fault company could wipe your device at anytime, so adoptions of BYOB is dead for us
CTO in Software, 2 - 10 employees
Is it reasonable to dictate what apps employees can install on "their" phones? 
I don't think so; if you want to implement this policy, the company should purchase the devices. 
VP of IT in Healthcare and Biotech, 10,001+ employees
BYOD means user own devices so they should be able to install anything they want privately, why do they allow “IT” to control what they can do or don’t do. 
Director of IT in Software, 10,001+ employees
You need to issue company phones to do this.
Global Head of AI, Data & Analytics in Software, 10,001+ employees
Lots of considerations, if TikTok is banned, is Facebook, Instagram and WhatsApp?

Seek legal advice as in some countries it's unlawful to dictate policy relating to personal devices

Either roll out company devices or use MDM and Understand you don't have say the in personal devices
CIO Strategic Advisor in Services (non-Government), 2 - 10 employees
Creating a list for banning on personal phones is an impossible task that will run afoul of personal selection. Plus, it is a never ending task to include every app, every time with every update. As soon as you block something a user wants to use in personal life, you will create strife. Alternatively, either a) focus on restricting access to company apps/ data, b) use a secure portal to access data or c) issue a company phone that is restricted. When leveraging BYOD, it is a double-edged sword to try to restrict anything. Best to take the high road.
Former CISO, VP in IT Services, Self-employed
There is no silver bullet of trustworthy, maintained list of apps - it all depends on your company's risk tolerance for what information / activity is gathered and used according to the actual terms & conditions.  That is assuming someone in business/risk management has read the T&Cs to develop a position.  :-)
CISO in Education, 1,001 - 5,000 employees
Some US states like Texas, and Florida are starting to build such lists with technology and services that are considered "bad".  Some parts of the US Federal Government have started publishing technology lists that are considered banned.


The lists are out there, although there is no one list you can follow.

I do agree with everyone else on here though, doing this on personal devices is a bit odd.  If anything you should consider restricting the services on your corporate/guest networks, so that if someone uses a BYO device you do not need to worry about what is on there, but rather prevent it from accessing those services, and ensure none of your data ends up on those devices.

Senior VP & CISO, 1,001 - 5,000 employees
We don’t ban but we have a company App Store with all approved apps. We limit use of other app stores

Content you might like

CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
41.8k views131 Upvotes319 Comments

Cyber Security32%

Cloud Computing/Cloud Migration45%

Artificial Intelligence (AI) and Machine Learning (ML)60%

IoT (Internet of Things)28%

Digital Transformation:32%

WFH/Remote Work16%

Legacy Systems Modernization6%

Data Management9%