Concerned About AI Gathering Business Data? Check Your Phone.
We’ve been talking a lot about the security challenges with artificial intelligence at Forrester, specifically with generative AI (genAI). We’ve researched the buzz on AI PCs and think 2025 is when they’ll start to gain adoption. But what about mobile? Leading vendors such as Google and Samsung, as well as secondary players like OnePlus and Xiaomi, have already released local AI engines for their Android phones, while Apple has announced its Apple Intelligence offering that will be previewed this fall — not to mention the mobile assistants like Alexa, Bixby, Google, or Siri that use AI or the growing list of apps that involve various AI engines and large language models. As an enterprise security leader, how can you control these AI engines on your organization’s managed mobile devices?
Right now, it’s a mix of good and not so good. On the not-so-good side, there are limitations on what can be disabled through unified endpoint management (UEM) platforms. Local AI engines on Android devices cannot currently be managed through UEM, and as of this writing, UEM vendors are unsure of what will be available to manage Apple Intelligence. OS developers Google and Apple, along with device manufacturers who customize the Android OS for their platforms such as Samsung, OnePlus, or Xiaomi, have not released the information that UEM vendors require to code this configuration option into their platforms. Administrators can block an on-device app package though. Being that Google Gemini Nano, for example, uses com.google.android.aicore, this associated package can be blocked through a manual app blocking and that would suffice.
The news is better for AI assistants, which can be disabled through UEM settings or, as with Alexa, by disabling the application. This feature has been available for some time. Security pros who may be concerned about business data being leaked should understand how those AI assistants interact with business applications, messaging, and audio/video channels on corporate and personal devices and adjust the UEM settings accordingly to limit the risk.
For other applications that may collect data to send off to third parties for processing, modern mobile threat defense (MTD) solutions can analyze applications on mobile devices and let security analysts know where the application data is going. Security teams can then determine risk levels for the apps and devices and either disable access to corporate resources until the risky applications are removed, in the case of bring-your-own-device situations, or apply UEM policies to disable these applications for corporate devices.
The range of threats targeting mobile devices is quite extensive, and as AI is integrated into more applications and platforms, security pros will need to implement more controls to reduce the risk of sensitive data being compromised. For mobile, the OS developers such as Apple and Google along with the platform vendors all need to allow UEM platforms to implement policies on managed devices to limit the corporate data that gets collected by AI and allow MTD vendors insight so they can better secure the mobile ecosystem.
Forrester customers who have questions or concerns about mobile security within their enterprise should reach out to schedule an inquiry or guidance session with me to review how you can better protect your business resources.