This is the reality.
Here’s the uncomfortable truth: As long as you permit your corporate apps and data to coexist on the same device as personal apps and data, you have an obligation to police both. It’s either that or insisting on strict partition separation, which is typically next to impossible to enforce or to deploy.
The article goes on to suggest pen testing every app your users might want to download on their mobile devices. I’ve got a better idea: just stop it with BYOD. Issue your employees mobile devices, quit being cheap about it, and only allow those devices to access corporate data.
Then, when your employees complain about needing two devices, suggest something novel: when they’re off work, they can just be off work, and not carry their work device.
See, wasn’t that simple? /sarcasm