Mitigating Mobile Risk With VMware Workspace ONE & Appthority

Dec 7, 2017
Domingo Guerra


Domingo Guerra, Appthority’s president, cofounded the company in 2011 to help the enterprise solve new security challenges in an increasingly mobile, app-centric world. He is the leader of Appthority’s Enterprise Mobile Threat Team, where he specializes in identifying mobile app risks and behavior trends, and advising the enterprise of the business risk associated with data breaches, losses and leakage tied to today’s dynamic workforce. Learn more at

Share This Post On
Co-Author: Sachin Sharma, VMware EUC Product Line Marketing Manager

Three years ago, the number of active mobile devices (7.2 billion) surpassed the number of people living in the world. Since then, mobile device activations, now at 8.4 billion, continue to outpace human population growth.

This phenomenon extends beyond just personal usage of mobile devices. Mobile devices and apps moved into the enterprise years ago, acting as the primary element driving what’s known as the “consumerization of IT.” Many organizations allow bring your own device (BYOD) and/or provide corporate-owned personally enabled (COPE) models for mobile devices to ensure employees can be productive in today’s mobile-cloud world.

As organizations embrace mobility, they must also equip employees with access to enterprise apps, from anywhere and from any device, all without sacrificing security. VMware Workspace ONE, powered by VMware AirWatch unified endpoint management (UEM) technology, helps organizations deliver an enterprise-secure, consumer-simple digital workspace.

The integrated digital workspace platform securely delivers and manages any app on any device by integrating access control, application management and multi-platform endpoint management. With Workspace ONE, IT teams simplify management of users, devices and apps while setting up policies to minimize potential data breaches. For example, access policies can restrict users from accessing mobile applications based on context.

Appthority-logoHowever, as the number of active mobile devices grows, so does the number of security attack vectors that can cause a potential data breach. One recent example is the “Eavesdropper” vulnerability discovered by our VMware Mobile Security Alliance (MSA) partner, Appthority.

Eavesdropper Threatens Enterprise Security

Eavesdropper affects almost 700 apps in enterprise mobility environments. This mobile app vulnerability is the result of poor coding practices. Specifically, hardcoding admin credentials of the Twilio SDK into popular apps used in enterprises is particularly risky.

Hundreds of millions of current and historic text messages, call metadata and voice recordings have been exposed because of this vulnerability. The Eavesdropper vulnerability also affects other cloud services, such as Amazon Cloud Storage, where more than 20,000 apps downloaded onto enterprise devices have been impacted.

Prevent Eavesdropper Attacks With VMware & Appthority

Vulnerabilities like these make a secure digital workspace platform even more critical, and that’s exactly what Workspace ONE provides. On the Workspace ONE platform, security capabilities can be extended with our ecosystem of MSA partner solutions to provide a comprehensive approach to securing the digital workspace.

Appthority Mobile Threat Protection (MTP) helps by detecting and remediating malware and vulnerabilities by automatically performing static, dynamic, behavioral and backend security analysis on every mobile app installed on a Workspace ONE managed device.

Furthermore, IT and security teams can create custom policies to look for industry-specific compliance concerns, like unauthorized cloud storage use, sensitive data across borders (which is a huge General Data Protection Regulation, or GDPR, concern) and excessive collection and/or sharing of personal data. Appthority MTP and Workspace ONE also automatically permit or block apps in an environment based on pre-set security policies to make app control a breeze, while adding additional risk inputs based on device and app integrity to conditional access rules. Best of all, the joint solution is available in an agentless approach, which is an industry first.

[For more details, see this overview of the VMware and Appthority joint solution.]

Less Work, More Security

Customers across industries—financial services, oil and gas, pharma and automotive, to name a few—use the joint solution to automatically monitor app inventory on BYOD and COPE devices to identify potential threats. This process creates dynamic app permitted lists that keep employees and the data they access secure. Security and IT administrators appreciate how the seamless integration decreases their workload, as any identified threats can be automatically remediated with Workspace ONE’s advanced enforcement engines.

Arming employees with a self-help/self-remediation tool for mobile risk is another feature that decreases admin workload and improves security. With the optional Appthority MTP agent installed on BYOD or COPE devices managed by Workspace ONE, employees proactively see app risk recommendations before they download the app, are alerted to active network threats like man-in-the-middle (MiTM) attacks and receive simple step-by-step instructions on how to get their devices back in compliance when threats arise.

Higher Productivity, Lower Risk

By positioning Appthority MTP as a benefit instead of a requirement, enterprises have achieved huge adoption rates. As employees look for ways to protect themselves and their personal data, they intrinsically end up protecting corporate data and systems as well.

Enterprise mobility continues to rapidly evolve and enable employees to be more productive and connected than ever before. Employees need access to apps and systems from any place and any device, but increased access to sensitive data doesn’t have to translate into increased risk. Workspace ONE and Appthority MTP allow enterprises to fully embrace the mobile workforce without losing sleep over potential data breaches.


468 ad