Before You Approve That App: Build a Vetting Process That Actually Works

Learn how to replace ad hoc app reviews with a scalable vetting process, spot hidden risks like AI components, and make defensible approval decisions with real-world examples.

Register Now
Live Webinar
Live Webinar: Build a Better App Vetting Process Live Webinar: Build a Better App Vetting Process Register Now
magnifying glass icon

Copied to clipboard

Mobile App Risk is Business Risk.

Regulators are watching Enterprise mobile apps. Users demand transparency. Get instant visibility into privacy risks, AI data exposure, dangerous permissions and suspicious network connections across your entire enterprise app portfolio.

Search 2,000+ Enterprise Apps. Know Your Risk in Minutes.

Random App Search
ANDROID

HCMToGo

HCMToGo

Company Shortname Required! This app requires a company shortname, which is a unique company identifier which you can get from your company administrator.

Tada! The new HCMtoGo mobile app is here! Before you jump in and download it be sure to take a look at the following.

*IMPORTANT MESSAGE FOR NEW HCMtoGO USERS*
BEFORE YOU LOGIN – employees and managers:
• If your administrator has not setup the new HCMtoGO app for your organization, you will NOT be able to get access. Please check with your manager or company admin to get access to the new app.
• When logging in with HCMtoGO you will need to select the region you are using as well as the Company Shortname (The unique Identification number your company administrator needs to provide to you.)
• After you enter that information you will be prompted to enter in your Company, Username, and Password. If you get stuck on this your COMPANY ADMIN can help you out.
• Companies need to be using approval workflows to process To Do Items.
• Supported Timesheet Profiles are Bulk Hours and Start/End (All Days) only.
• Administrator should provide their company’s Short Name to users for login.

Now that you are ready to join HCMtoGO here are some of the awesome things you can do within the new app to enhance your human resource needs:
• Check and/or edit your timesheets for accuracy
• Submit and view time off requests
• Check vacation/sick balances
• Enroll in benefits and view existing benefits
• Check your schedule
• View pay stubs and manage direct deposits.
• Check your schedule and, if enabled, swap shifts with peers

Your employer must have the HCMtoGO software configured for mobile use. Contact your system administrator for more details.

Key things to know as an administrator:
• Users need to have permission to access the new app via their security profile.
• Users need to be permissioned to have access via their UI Preferences widget within their security profile.
• Companies need to be using approval workflows to process To Do Items.
• Supported Timesheet Profiles are Bulk Hours and Start/End (All Days) only.
• Administrator should provide their company’s Short Name to users for login.
• Basic Authentication with SSO is not currently supported

App Store Details

HCMToGo

Package ID

com.hcmtogo.workforceready

Version

200070

Developer

Workforce Ready

Category

Business

Store Rank

119

App Store Link

View in Google Play

Developer Privacy Policy

Privacy Policy

Observations Summary:

Permissions: DETECTEDSensitive Data Collection and Sharing: SENSITIVE INFO FOUNDNetwork Connections: DETECTEDPrivacy Declarations: NOT DETECTEDAI: NONE DETECTED

Permissions Observations

 DETECTED

Permissions defined by Apple and Google as dangerous have been observed.

Observed During Analysis

  • Allows an app to access approximate location.
  • Allows an app to access precise location.
  • + 17 more
  • See Your App’s Risk Profile

Why Permissions Matter

If not managed properly, dangerous permissions can permit malicious access to sensitive data, and device features.

Sensitive Data Collection and Sharing Observations

 SENSITIVE INFO FOUND

This app collects, stores, or shares information that is often designated as sensitive and private.

Observed During Analysis

  • Build Fingerprint
  • See Your App’s Risk Profile

Why Data Collection and Sharing Matters

If not managed properly private data can expose enterprises, customers, employees and partners to breach and compliance violations.

Network Connections Observations

 DETECTED

Network analysis has detected communication with external servers and data transfer patterns.

Observed During Analysis

Connected Hostname:
  • google.com
Server Locations:
  • Mountain View, California, US
  • See Your App’s Risk Profile

Why Network Connections Matter

Uncontrolled communication with external servers by an employee-used app could expose sensitive business data to unauthorized third parties. This unauthorized access can lead to data breaches, regulatory non-compliance, and damage to your business's reputation and financial standing.

Privacy Declarations Observations

 NOT DETECTED

This test did not detect a discrepancy, indicating all required declarations are disclosed.

  • See Your App’s Risk Profile

Why Privacy Declarations Matter

Declarations matter because they provide transparency on how apps collect and use sensitive data. iOS requires Privacy Manifest declarations, while Android requires Data Safety disclosures and manifest permissions.

AI Observations

 NONE DETECTED

None detected. Further analysis recommended.

  • See Your App’s Risk Profile

Why AI Matters

AI features can process sensitive data in unexpected ways, potentially exposing proprietary information or creating liability.

NowSecure provides detailed risk assessments for millions of mobile apps. We Can Help Secure Your App.

All trademarks, logos, and brand names are the property of their respective owners. All company, product, and service names used in this website are for identification purposes only. Use of these names, trademarks, and brands does not imply endorsement.

MARC App Directory

Ready to Reduce Enterprise Mobile App Risk?

Stop operating in the dark. NowSecure Mobile App Risk Management gives enterprise CISOs, compliance officers and security teams the visibility and control needed to protect sensitive data, meet regulatory requirements and safeguard your brand reputation across all apps your organization builds and deploys.