Qlik Sense Mobile for iOS: what are the security risks when downloading an app

Qlik's help site states:  "the security is built into the file itself, which means a downloaded file is also protected, to some extent. However, if security demands are high, downloading of files and offline use should be prevented, and files should be published by the Qlik Sense server only".

What are the actual risks that could be encountered?
 

Environment:

Qlik Sense Mobile, any

This is a possible scenario:

• with a jailbroken device, a user could pull the downloaded qvf out of the iPhone/iPad
• once they ave a qvf, the user could put it on a domain which replicate the users that have full access to the app that is protected by section access. Note that they would not need the password for those users: in Qlik Sense section-access security is Windows-based. An example could be made with a user called YourCompany\YourAdmin that has full section access permissions on the app. A different user could pull the qvf out of Qlik Sense Mobile, use a domain controller to create a fake domain called YourCompany and a user called YourAdmin with any password they like. Then they would need to setup a Qlik Sense Enterprise server, import the qvf and get full access to the app and its script.

So,  possible to exploit the downloaded application, but it would still be quite complicated. This would be needed:

• an employee willing to go against the company
• a jailbroken iOS device (several EMM systems can detect that, and disable the devices)
• someone with the ability and means to setup a fake domain (or finding other ways to trick a proxy, with single sign on or ticketing solutions) and with the knowledge of the usernames that have admin access to the apps
• a licensed Qlik Sense Enterprise server running on the fake domain