Whitelist on smartphones: what is that?
Whitelisting is a cybersecurity strategy that allows administrators and managers to approve a list of applications while denying others. Typically, IT administrators use a whitelist (also known as a “passlist” or “allowlist”) as a simple way to safeguard networks and devices from digital threats and inappropriate material.
This strategy has become a particularly useful way to monitor and secure devices like smartphones, tablets and computers that are being used for personal and professional purposes.
For some businesses, setting up a whitelist can be too much of an administrative hassle. However, there are now several ways to reduce the burden on IT administrators, such as using an MDM to set up an enterprise app store.
Whitelist vs. blacklist
While whitelisting might be a novel concept, many of you will have heard of a blacklist. A blacklist is a list of things that are dangerous to you and your system and therefore need to be blocked.
Antivirus programs are prime examples of blacklists because they include a list of known malicious code and deploy protection when this code is detected on your computer, smartphone or tablet.
A whitelist is the opposite of a blacklist. Instead of accepting everything and detecting the bad stuff, with a whitelist you accept only the software and items that have already been approved. As a result you never have to worry about new malicious code because the device can only access software and apps that you know to be safe and relevant.
The pros and cons of whitelisting mobile applications
Pros:
- Whitelisting provides a fantastic level of protection by restricting access to software to apps and websites that are already trusted
- Whitelisting helps to reduce vulnerability to viruses and malware
- Whitelisting helps to reduce false positives
Cons:
- Some IT expenditure is needed initially
- Licensing costs for MDM software
Best practices for whitelisting apps
Here are a few tips to help you implement and maintain your whitelists:
- Be as specific as possible when choosing a whitelisted app
- Document and categorize all of your whitelisted apps
- Review what is on your whitelists throughout the year to ensure they are still appropriate for your business operations and your growth aspirations
- Apply whitelists selectively by placing users into access groups and applying tailored whitelists to each group
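An added example, not part of the original article or any MDM product's code: a small Python model of the practices above, with per-group whitelists, exact matching, documented entries and a review check, next to a blacklist for comparison. The group names, app identifiers, certificate digests and function names are constructed for illustration; matching on the signing certificate as well as the app identifier is one assumed way of being "as specific as possible".

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Entry:
    package: str       # exact app identifier, no wildcards
    cert_sha256: str   # signing-certificate digest (constructed sample value)
    category: str      # documentation: why the app is approved
    reviewed: date     # date of the last review

# Constructed sample policy: one tailored whitelist per access group.
CRM = Entry("com.example.crm", "aa11", "customer data", date(2024, 1, 10))
MAPS = Entry("com.example.maps", "bb22", "navigation", date(2022, 3, 1))
WHITELISTS = {"sales": [CRM], "field": [CRM, MAPS]}

# Constructed sample blacklist of known-bad apps, for comparison.
BLACKLIST = {"com.example.knownbad"}

def whitelist_decision(group, package, cert_sha256):
    """Default deny: allow only an exact package + signer match for this group."""
    for entry in WHITELISTS.get(group, []):
        if entry.package == package and entry.cert_sha256 == cert_sha256:
            return "allow"
    return "deny"

def blacklist_decision(package):
    """Default allow: deny only what is already known to be bad."""
    return "deny" if package in BLACKLIST else "allow"

def stale_entries(today, max_age_days=365):
    """Return (group, package) pairs whose last review is older than max_age_days."""
    return sorted(
        (group, entry.package)
        for group, entries in WHITELISTS.items()
        for entry in entries
        if (today - entry.reviewed).days > max_age_days
    )

if __name__ == "__main__":
    # An app nobody has seen before: the blacklist lets it through, the whitelist does not.
    print(blacklist_decision("com.example.newapp"))
    print(whitelist_decision("sales", "com.example.newapp", "cc33"))
    # Same app name as an approved app, but signed by someone else.
    print(whitelist_decision("sales", "com.example.crm", "ff99"))
    print(stale_entries(date(2024, 6, 1)))
```
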
How to set up a whitelist on your business smartphones
There are two important elements to consider when setting up a whitelist for your devices in the workplace: 1) An MDM, and 2) an Enterprise App Store.
An MDM is mobile device management software that helps administrators monitor, control and improve access to mobile devices throughout the company.
Mobile application management
Mobile Application Management (MAM) allows you to control and monitor business data on your users’ devices, such as iPhones and Android phones. Although there is dedicated MAM software, the standard MAM features such as whitelisting or remote wiping are usually included in Mobile Device Management (MDM) software.
There are dozens of MDM software manufacturers. Some of them can only handle Android devices (such as Android Enterprise Essentials or Google Endpoint Management), some only iOS (such as Jamf).
Most MDM solutions, however, can deal with both mobile operating systems. Two very well-known manufacturers of this kind are MobileIron and VMware.
App whitelisting with MDM software
Whitelisting is a standard feature in MDM software. The MDM will set up an encrypted workspace on the mobile device; this is called a “container”. Within the container, there is an app store that allows users to choose from the apps that have previously been whitelisted by the IT department.
In Android, workspace apps will be marked with a small blue briefcase icon.
[Image: in the green circle, the Google Play Store, which will only offer whitelisted apps]
With an MDM you can whitelist apps in all integrated devices and ensure that everyone within the company has access to the same set of approved and secure apps.
This will allow employees across departments to synchronize workflows, allow easy transfer of data and ensure that your company is not exposed to any risky apps or malware. Sideloading, which is the loading of apps from insecure sources (forum links etc.), is prohibited by the MDM as well.
[Image: whitelisted apps from the Google Workspace Suite as viewed on an Android phone]
With an MDM, the steps to setting up a whitelist for your fleet of business smartphones are simple:
- Log in to your MDM portal
- Go to Policies
- Select an existing policy or create a new policy
- Where appropriate: select Android or iOS
- Select App Management
- Then click on Blacklist/Whitelist, click configure and select Whitelist
- Select +Add to add either an app or an app group
- Finally, select the apps to be whitelisted, click Done and Save the policy
This process, while slightly different for every MDM, is standard for most modern MDM systems. It is a functionality that is important for businesses as they embrace digital transformation and empower their employees with the best digital devices. Whether you are working with Android or iOS, you use enterprise programs to distribute apps for internal use and deploy an MDM to ensure that these apps are properly whitelisted for business use.
How to use whitelisting on smartphones to improve your business operations
In recent years, more businesses have been asking their IT administrators to utilize whitelisting. For small to medium-sized businesses, whitelisting apps and software for a number of devices used to be a difficult process.
Thankfully, today it is easy to implement robust and sophisticated whitelisting strategies through mobile device management systems. You can simply utilize an enterprise app store that only gives your employees access to whitelisted apps relevant to your company’s operations.
Overall, by embracing a whitelist for the mobile phones you use internally, you will be able to streamline workflows, protect your devices and ensure that employees are using the apps they need to succeed.