Summary:

User security is bypassed on mobile when using custom security policy

Symptoms:

This occurs when a custom security policy is given to a user with full control over their home territory and view only access over some other territory

The policy works fine on desktop but when the user logs into a mobile device they have full access to the territory that they should only be able to view.

More information:

This has been stated as fixed in 7.1m which is due for release at the end of May and will be rolled into the next 7.2 release at the end of June.