{
	"id": "c9ec1a3b-6127-4f32-a700-33960109ace2",
	"created_at": "2026-04-06T00:13:34.749418Z",
	"updated_at": "2026-04-10T03:21:22.341287Z",
	"deleted_at": null,
	"sha1_hash": "302397a0fbfe2fa5302c51785dcc5e8d19f6aad4",
	"title": "EMM-7 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 44437,
	"plain_text": "EMM-7 · Mobile Threat Catalogue\r\nArchived: 2026-04-05 20:34:21 UTC\r\nMobile Threat Catalogue\r\nBreach of Privacy By MDM Administrator\r\nContribute\r\nThreat Category: Enterprise Mobility\r\nID: EMM-7\r\nThreat Description: End user privacy incursions by an administrator or attacker with administrative access to the\r\nEMM/MDM administrative console (e.g., tracking device location, call logs, text messages, personal contacts,\r\netc).\r\nThreat Origin\r\nWorker Fired for Disabling GPS App That Tracked Her 24 Hours a Day [Updated] 1\r\nExploit Examples\r\nNot Applicable\r\nCVE Examples\r\nNot Applicable\r\nPossible Countermeasures\r\nEnterprise\r\nEnsure that the EMM/MDM console provides privacy controls to limit administrator access to privacy-sensitive\r\ninformation.\r\nConfigure EMM/MDM solutions to audit administrative access and activity, particularly with respects to privacy-sensitive information.\r\nConfigure EMM/MDM solutions to collect and audit only the minimal set of data necessary to meet the\r\norganization’s broader mobile device security goals.\r\nEducate enterprise users about the privacy implications of enrolling their device into a EMM solution, such as\r\nclearly defining what data will be collected, and establishing procedures for resolving potential privacy violations.\r\nhttps://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-7.html\r\nPage 1 of 2\n\nTo prevent the potential for an attacker to gain access to highly privacy-sensitive information, such as call logs,\r\nconfigure EMM solutions with workflows that require multiple adminstrators to authorize access to such\r\ninformation prior to its release by the system.\r\nTo further minimize the potential for EMM solutions to capture privacy-sensitive data, particularly for BYOD\r\nscenarios, deploy EMM solutions that discriminate the data collected when a device is being operated in a\r\nbusiness context versus a personal context.\r\nReferences\r\n1. D. Kravets, “Worker fired for disabling GPS app that track her 24 hours a day [Updated]”, Ars Technica, 11\r\nMay 2015; http://arstechnica.com/tech-policy/2015/05/worker-fired-for-disabling-gps-app-that-tracked-her-24-hours-a-day/ [accessed 8/23/2016] ↩\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-7.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-7.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-7.html"
	],
	"report_names": [
		"EMM-7.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434414,
	"ts_updated_at": 1775791282,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/302397a0fbfe2fa5302c51785dcc5e8d19f6aad4.pdf",
		"text": "https://archive.orkl.eu/302397a0fbfe2fa5302c51785dcc5e8d19f6aad4.txt",
		"img": "https://archive.orkl.eu/302397a0fbfe2fa5302c51785dcc5e8d19f6aad4.jpg"
	}
}