The technology sector remains ever vulnerable to cybersecurity issues, including mobile, devices. What should the next frontier of mobile security testing be and what should leaders be prioritising now?
To try and unravel this, Digital Journal spoke with Subho Halder, CEO of Appknox, a mobile security, firm.
Digital Journal: Why is mobile security more complex for enterprises today?
Subho Halder: Companies depend on mobile devices for everything, whether it’s emails, messaging, or accessing sensitive information. At the same time, the systems these devices connect to, like apps, cloud services, and networks, are becoming increasingly complex. That complexity can create hidden areas where problems or vulnerabilities can go unnoticed.
Many security tools incorrectly assume devices and apps behave in predictable ways. For example, enterprise devices are managed by Mobile Device Management (MDM) solutions that create secure “tunnels” for traffic. While essential for protecting corporate data, these tunnels can also block visibility into things like whether an app is sending data to an untrusted server, if a login attempt looks suspicious, or if malicious code is trying to run in the background. These blind spots make testing and monitoring difficult. If you can’t see how apps behave under real-world conditions, you can’t truly know where vulnerabilities lie.
DJ: What role do MDM solutions play in enterprise security?
Halder: MDM is central to modern enterprise security. It allows IT teams to enforce policies, encrypt data, control access, and isolate corporate information from personal apps through containerization. MDM (Mobile Device Management) is crucial for mitigating risks associated with both company-owned and BYOD (Bring Your Own Device) programs. By consistently managing these devices, MDM effectively reduces threats such as data leakage, the use of unapproved applications, and vulnerabilities from unsecured network connections.
Without MDM, organizations struggle to secure sensitive data, prevent unauthorized access, and manage communication over unprotected channels. In short, MDM is a safeguard that also introduces new visibility challenges.
DJ: What are the risks of these “hidden” areas within MDM-protected environments?
Halder: Think of MDM as both a shield and a gatekeeper. While it protects corporate data, it can also hide how apps and devices behave on the network. Attackers often target these blind spots because they are privileged pathways into enterprise systems.
The risk isn’t hypothetical. Even well-protected devices can be exposed if traffic inside these tunnels isn’t visible to security teams. Without monitoring and testing, vulnerabilities can persist unnoticed, leaving critical systems exposed.
DJ: How should enterprises rethink their approach to mobile testing given these challenges?
The key shift is moving from perimeter thinking to visibility-first thinking. It’s not enough to say, “Our traffic is routed through a VPN, so we’re safe.” Security teams need ways to observe and stress-test how apps behave inside those controlled environments.
That requires new tools and approaches, some of which we’re seeing emerge from the open-source community. At Appknox, for example, we recently launched KnoxSpy, an open-source project that enables researchers to gain visibility into traffic hidden inside MDM tunnels, helping the security team assess this traffic and determine if the internal system has vulnerabilities.
Defenders need the same advanced techniques that attackers already use; attackers find creative ways to look deeper, and defenders need to be equally innovative.
By releasing tools openly, the community accelerates learning, uncovers new classes of vulnerabilities, and helps enterprises close gaps faster.
DJ: Where do you see the next frontier of mobile security testing?
Halder: Enterprise security is evolving from focusing on building walls to instead prioritizing visibility, continuous testing, and proactive defence. Enterprises must anticipate where attackers could probe for weaknesses and ensure those areas aren’t “invisible” to defenders.
This mindset shift emphasizes transparency, collaboration, and adaptive tools, whether monitoring encrypted traffic, testing mobile apps in real time, or securing complex cloud-to-device networks. Organizations that embrace these principles will be far better positioned to protect sensitive data and maintain trust.
DJ: What should security leaders focus on today to prepare for these evolving challenges?
Halder: First, recognize that blind spots are your biggest vulnerability. Anything you can’t see or test is potentially exploitable. Second, invest in solutions that provide end-to-end visibility across devices, networks, and applications. Finally, foster a culture of proactive security, one where testing, monitoring, and continuous improvement are as central as policies and encryption.
By combining strong MDM practices with tools and expertise that illuminate hidden traffic, security teams can close gaps before attackers find them and ensure enterprise mobile security keeps pace with digital transformation.
