I’ve been using Google’s native MDM. I can’t do any of those on a personal device. The only thing I can do with a personal phone used for work is wipe the android for a work profile off of it. If you’re using a company device, I cannot do any of that. The only thing I can do is wipe the entire phone and that’s it.
100%
I used to do MDM at my last company. The post here is very misinformed on how it works.
All companies can do is wipe your phone and configure settings. They cannot read what's on the phone, except for the stuff in the work profile and even then it's limited.
I have a corporate phone with a personal and work profile set up and have no issues browsing porn. That's how confident I am.
The only risk is if you're on a regular cellular network, your company could ask the mobile network to send the sites you visit. But if you're VPNing or on your home wifi, that won't tell them much.
How does Android protect against this?
Also can you have different profiles for this? Would that require two SIM slots? I don't play around with profiles so I have no idea.
I don't have an exhaustive understanding of how it works and limits data, but on my android, it essentially has two partitions, one for personal and one for work. They do not share data. In order to take and share a photo on my work Teams chat, it has to be taken either from within teams or with the camera app on the work partition. It cannot access my personal gallery. I have Teams on my personal partition from an old job that I still help out from time to time, and the same exact Teams app installed on my work partition. They are not connected in any way. The only thing that doesn't require me to put in a pin to access on my work parition are the notifications.
Most of the limitations I experience from my side are in my own access to work resources. I can't say with confidence that those same limitations go both ways. But it does seem like that is probably the case.
Within the Intune MDM space, a separate partition is created on the device that essentially isolates work apps/data from personal apps/data. I, as a sys admin, have control over the "work" space, but no control over the personal side of things.
We don't have a very heavy handed approach to monitoring usage etc for mobile devices or even laptops and this has been the case with most of my previous jobs.
That said, I'm sure there are IT departments out there with a ton of staff and a big budget that can and will get quite granular with what you are doing on your devices (keylogging, etc)
TL;DR - never use company devices for personal materials. Create a separate, independent email strictly for work or your company email for all company devices, not your personal one.
I have a mobile device required for work, and my personal device.
No personal stuff goes on the work device. Photos, apps, logins, messaging, whatever. Zero. However, many of my colleagues use the device like, “Free mobile device, bro!” and load it up with everything they have on their personal device.
That is a horrible idea. The company device has its own cybersecurity app installed and managed by company servers that sees everything on your device, and should your device be used for something it shouldn’t, they don’t even have to take it from you to know what you did. They know when you did it, too. Watching movies or texting while driving? Reading a book or using social media while monitoring a system? If you crash the company car, or the system goes TU and they see you were fucking around with the company device instead of doing your job, you’re fucked. They see it all, it’s all regularly scanned, uploaded, screened, whatever. They just don’t bother to look unless they need to. Already had a couple people fired for illegal material on their devices.
When I set up the device management on my work phone, it explicitly said it couldn't see media files on my phone. And particularly it didn't touch the non-work profile. Do you have a source that contradicts this?
There's a difference between setting up a work profile and just installing mdm on your main profile. I'd still try and stay away from it if you can
Ok makes sense. Thanks
This is the employer working around having to purchase and maintain a phone inventory for employees.
While we're on the topic, this also applies to laptop/desktop hardware for the work-from-home crowd.
In general it's a bad idea to use personal devices for work. Companies that don't give you a choice are being cheap and disrespecting of privacy at best, and want to spy into your personal life at worst. It's also really, really, really bad IT security for everyone involved.
Since when are companies installing MDM on peoples personal devices?
It is usually just for corporate devices, where you shouldn't leave any personal data on.
But, in all honesty, no one is going to be looking at it unless there's a very good reason too. IT sure as hell doesn't have enough resources to monitor it.
MDM largely exists to remote wipe a lost or stolen phone.
In reality, yes there will be snooping. I've had a new colleague that had to explain why they had parked several times near the HQ of a competitor outside working hours. Answer: he lived in that village and his favorite bakery was were he had parked. After that he removed the company tracker from his car, a car that he was leasing and paying for himself. He had only installed the tracker as a courtesy to facilitate on site personnel tracking and it was abused in the shortest order.
Anything that can be abused, will be abused.
I quit my job of over a decade using the same phone and email, I left to go competition. I gave them all my passwords.
I've kept my personal phone a lot longer than I had theirs lol
People tweeting stuff. We allow tweets from anyone.
RULES:
