Contract effective date: September 18, 2024. Runtime consent, request, security, audit, and deployment timestamps remain factual records.
Enterprise/sideloaded Android/iOS distribution Compliance Checklist
Source IDs: NIST-CSF; OWASP-ASVS; OWASP-MASVS; local law; platform enterprise terms
Required checks
- [ ] Validate enterprise developer terms and MDM controls
- [ ] Do not bypass app-store privacy/security obligations for consumer apps
- [ ] Apply equivalent privacy notices, consent, permissions, account deletion and security controls
- [ ] Perform malware/tamper/signature integrity checks
- [ ] Document country-specific legality of sideloading, mobile device management and distribution
Release evidence
- Store submission screenshots.
- Privacy policy and in-app privacy screen.
- Data inventory mapped to platform labels.
- SDK list and vendor contracts.
- Test account and review notes.
- Legal/security approval.