While this makes it easy for enterprises to distribute apps to employees, the enterprise provisioning profile unfortunately creates a situation where many enterprises actually bypass Apple's app vetting process, losing a layer of security.
In many instances, receiving applications outside of the official App Store, or what we call sideloading, causes users to encounter dialogue boxes they don't necessarily understand.
The world has a knee-jerk reaction to the pop-up: comply quickly, close it, do whatever you can to make it go away. It's the "next-next-next" mentality. Anything that interrupts a user's flow on the device is quickly dealt with in an effort to get back to the task at hand.
As enterprises have expanded their homegrown app offerings by the hundreds, employees are now receiving many more of these notifications on iOS devices and could be more likely to quickly move through them.
Why is this worrying? When users are exposed to these dialogues too often, they are conditioned to ignore important security warnings, which could result in bad apps passing unnoticed onto devices, exposing enterprise networks to possible risk.
Consider this: not including attacks on jailbroken phones, most of the known iOS threats use enterprise provisioning profiles to access their target device. As an enterprise, you don't want those app download dialogue boxes becoming a nuisance people ignore.
The need to think holistically
As the way we buy and use our mobile phones changes, so must the conversations around what is truly secure. Where once we could compare Android and iOS devices side-by-side, the ways they're being used and the new devices entering the landscape are adding nuances that can't be ignored.
Businesses and consumers alike are going to need to use a multi-layer approach to security. We can't rely solely on Google or Apple to police the app landscape and ensure their operating systems are buttoned up and without back doors. It will take many layers to filter out the mobile security risks. Traditional network security, device security, application security, on top of app vetting, will all work toward one common goal: a safer corporate network and protected personal data.