How can I best protect personal information through application permissions.
Many 3rd party apps add enhanced functionality for users but also require access to organizer data (PIM). I am concerned about protecting privacy and preventing the potential export of that data without explicit approval. I am not worried about breach of the servers but more specifically the User Data (contacts, calendar etc.)
Thanks for any insight and/or directions as the natives grow restless with torches.

If you want to protect the data you need to deny explicit access through application control policies. However if you do that you may impact user functionality.

That said ... is it really your concern to worry about this, or do you give your users a choice?

__________________
http://blog.port3101.org/hdawg/

The views expressed by me on Port3101 and its affiliated sites are my own and do not necessarily reflect the views of my employer.

Thanks. Users indeed do have a choice, however for those (including myself) who would like to preserve 'User Data' from installed applications access while still allowing other functionality has me a bit concerned. The Servers are relatively insulated from user ignorance but that same ignorance allows an installed application with full access permissions to export potentially sensitive data.
Ideally (I guess) it would be acceptable to allow necessary access to local 'User Data' though deny any export of that data.
The trouble seems to be a lack of Granular control of the Device Firewall; Allow or Deny doesn't provide the options I need. Perhaps (probably) I don't understand the security (device side) sufficiently but having applications with full access to personal information as well as allowed to communicate with outside servers gives me great concern and I hope there is a way to harden the device without totally locking it up. If you or another can point me toward that direction I would truly appreciate it. Thanks.

I guess if you could explain a specific scenario where you're looking to limit / protect information that would help.

You can secure things at different layers and depending on how you want to be managing the data will choose the course to take.

In the end, I don't think you're going to find something to meet the requirements you're thinking of ... there isn't a pretty windows firewall interface to this stuff, but you may be able to do something.

__________________
http://blog.port3101.org/hdawg/

The views expressed by me on Port3101 and its affiliated sites are my own and do not necessarily reflect the views of my employer.