Re: social media data hoovering is an obvious security risk
The apps on those phones should be managed by a mobile provisioning system--controlling what apps a phone can and cannot have, even limited by AD group--and even ensuring that only validated/scanned apps are available. In fact, such controls should be mandatory in any organizations having any sensitive data--i.e. most every organization.
But, that doesn't stop users--even high-level users--from asking for all kinds of nonsense. You might well be surprise (or not) at how far these requests get before some bit of sanity shuts one down.