There's also the difficulty of user "tinkering". Users may alter smartphone software application loads dramatically, but it's increasingly common to find users intentionally breaking the walls between operating system and/or firmware and user application space in a process called "rooting" or gaining operating system super-user status. Rooting is usually the first step towards the capability of changing a smartphone's firmware or operating system payload as a "user-mod" implementation. Such mods are frequently performed to thwart carrier-based or smartphone hardware vendor-based constraints in use. One popular root user-mod permits tethering devices (like notebooks systems or iPods) via WiFi to a phone's data connection in a process called ‘tethering'. Carriers often impose constraints on tethering as such connections are often seen as thwarting their revenue plans.
Gaining this super-user capability is called "rooting". A phone is security-cracked with software that enables phone operating security bypass. The software and scripts used, often downloaded as a bundle, is called a "rootkit". Some rootkits can disable MDM agent control capability, and the step used to install a rootkit can be covered, leaving no trail. Currently, it's a cat-and-mouse game to detect rootkits on Apple's iOS and on Android versions. By the time you read this, it's likely to have changed, but we won't know how—and that's the challenge for MDM application makers as new rootkits and security-thwarting applications appear constantly.
Some organizations believe that intentionally thwarting software agents or attempting to breach security violates policy and requires strong recourse, while other organizations believe that systems security protects users from potentially dangerous security breaches and merely admonish users, then take action to remove offending software or states that interfere with their sense of security integrity.
Across the spectrum of mobile devices managed, MDM applications are also the focal point for audit, compliance, regulatory control, and reporting. Some packages have reporting capability that allows international regulatory and privacy compliance, where others are more focused towards asset assay, financial costing (for departmental or divisionally-focused accounting), and fleet quality in terms of patch-and-fix level, software inventory and licenses, and decision support.