Currently, users can upload files into Asana (desktop) and download them on their mobile devices via the Asana app. The reverse can be done as well - upload via mobile app and download via Asana (desktop). If a company has set download restrictions on computers - but allows downloads from Asana - then the Asana mobile app can act as a secret back door that enables someone to upload a Trojan file (whether knowingly or not) into the Asana app and then download it on their work computer. It also allows them to upload files that should not be accessible outside of work and download them onto their personal device all while under the disguise of legitimate work being done. We want to be able to upload and download files on our work computers, but nowhere else.
I don’t yet know if this back door can be closed on web browser - but I sure hope it can - I’m only aware of this issue with the app. If there isn’t currently a way for Asana admins to close that door I hope there will be soon. With the ever increasing security breaches occurring, and the fact that a company’s greatest security risk is its employees, not having this ability could cause companies to back down from using Asana.