Once certificates and keys are issued, you need an efficient way to deliver them to the countless mobile devices in play, and a way to prevent the export of the certificates so that they are used for their original purpose.
Workarounds in issuing and delivering certificates to mobile devices can expose private keys and weaken the intended security design. In addition, different device platforms, models and versions each handle certificate and key storage in different ways and require customized approaches to loading certificates. Certificate and key delivery methods that take a “one-size-fits-all” approach often end up generating the user's private key remotely and copying it to the device over the public wire or air, which leaves it vulnerable to breach. Some processes also result in fully exportable certificates being sent to the device. The result can be an increased possibility of private key exposure, the potential for certificates and keys to be copied, and the inability to maintain legal non-repudiation for these users on their mobile devices.