Well that is the thing - MDM would not be possible (please do correct me if I am wrong) as these devices are not part of our corporate network. This devices would be basically our company's clients running our banking application.
Can an application still check if certain security controls are in place and decide which functionality they app will provide? The concern is that the application does not/cannot (?) use IMSI authentication. On Monday, 15 September 2014 17:55:01 UTC+2, Kristian Hermansen wrote: > > Good MDM app is a useful reference implementation for you to investigate > for checking and enforcing phone policies. It leverages lots of permissions > and you should consider if you really should trust Good MDM to have them > all. > > An application cannot set a lock screen. Think about the ability for any > app to do that. It would be a Denial of Service condition... > -- > Regards, > > Kristian Erik Hermansen > https://www.linkedin.com/in/kristianhermansen > On Sep 15, 2014 8:08 AM, "Bernd Lippert" <[email protected] > <javascript:>> wrote: > >> We currently doing a high-level application development (banking >> application) scope of principles. One of the stakeholders is very concerned >> about the security of the devices and how it can effect the application. I >> am still trying to find any concrete evidence I can present in regards to >> this but my understanding so far is: >> >> - An Android application can check various security features of a device >> (e.g. lock screen, storage encryption, root status) report this to the user >> and not run with full functionality until the security requirements are >> meet? >> >> - Can an application turn on specific security functionality (with or >> without user consent) or is this frowned on in? >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Android Security Discussions" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] >> <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> Visit this group at >> http://groups.google.com/group/android-security-discuss. >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
