A processor may identify a new application on a device. The processor may receive, from the device, user data. The user data may include user profile information and user activity information. The processor may evaluate the user data. The evaluating of the user data may include designating a security level to the user data. The processor may determine, from evaluating the user data, that a default security configuration for the new application is not secure. The processor may automatically generate a customized security configuration for the new application. The processor may apply the customized security configuration to the new application.