The company should have issued the phones with a company Apple ID and IT policy. This would have avoided the nonsense.

^^THIS^^

This would be the right way to set up a company phone.

You could hold the employee's last paycheck until he gives up the password but that would likely be illegal
 
This is false. I still don't understand why people can't grasp the fact that apple can't undo the activation lock under any circumstance.
Kind of like Apple doing it for at least one of the users that posted about it!
 
So if they do it for one then they will have to do it for everyone. If they do it for everyone what's the point ?
Perhaps that if you can provide the proof they require to ascertain that you are in fact the rightful owner of the device they can work with you to do it?
 
So you talk about marketing buzzwords. Isn't Apple king of this?


Nice non-sequitur, but we're talking about enterprise buzzwords that aren't backed up with documentation. Apple's marketing puffery in regards to the enterprise is actually quite low, while the documentation is readily accessible. Blackberry? You get some nice slick marketing brochures, but to get to the nuts and bolts, you have to buy their product... and then realize it's not as exclusive and superior as one is led to believe.

I am in no way a BB fan. I have not owned a BB since 2007. With that said. All these things you say BB are not the only business in town anymore. Could you please tell me how Apple is doing it more securely?

Well for starters, it's Blackberry and their fanboys saying they're doing it "more securely." The burden of proof is on them, and so far the proof hasn't been forthcoming.

What we DO know is that for years now, users of BIS who THOUGHT their communications were secure have been subject to Blackberry sanctioned backdoors in various countries, where they deliberately sacrificed security in the name of being able to continue to sell devices to consumers there. Granted, what we know now about what the NSA is doing is no better, but this is an admitted, deliberate cooperation with foreign governments, while still parroting to users that security is paramount and superior in BlackberryLand. And you can bet if this level of access is provided overseas, you'd be naïve to think the NSA has to break a sweat, either. But what is being gleefully exclaimed in Blackberry message boards? "Hurr hurrr, you won't have to worry if you're using a Blackberry." Ignorance truly is bliss.

How to get around this? Well, nothing is foolproof clearly, but while a proprietary infrastructure exists for both Blackberry and Apple, you're not forced to use Apple's. You can manage your devices with ActiveSync, Google apps, Zimbra, implementation of always-on VPN policies among other policies and restrictions via iOS configurator (all of which can be applied with or without needing a server), the list goes on... without having to buy a proprietary front end server and software.

The enterprise itself has the power to develop a security model it is happy with. It doesn't have to be "well, we're not happy with this iCloud thing, so we're going to not buy iPhones anymore." Which is the whole point of this thread.


While the OP's problem does not really describe a security flaw, what it does bring up is a very big security issue for a lot of business.

And as has been oft-repeated, this isn't a security flaw, but a lack of proper mobile device management on the part of this alleged "multi million dollar company's" IT department, which apparently consists of a single individual who made the mistake of allowing ANY mobile devices without deploying them with MDM certificates and policies in place.


Properly implemented, the company would be the one who could dictate how and when the device they purchased is locked, wiped or activated, not the disgruntled employee. If the OP didn't read the manual, which really isn't that hard to decipher and makes it VERY clear how to take activation lock out of the employee's hands and into the company's control, then he can't blame Apple.

The REAL security flaw here is an unskilled IT department in the OP's company, who chose to hand a company-purchased device to employees without even turning the thing on, plugging it into a computer and clicking a box or two. And I sincerely hope that they aren't public facing or dealing with private customer data, because that could be shockingly bad, perhaps on the level of Target, the day poor policies mean customer data goes out in the wild.


Sure companies need to write new policies for iOS 7, but that does not change the fact that it makes it much harder for companies to use iOS 7.

False. Doing this is not much different from the procedures that must be followed for company owned Blackberries. Policies and MDM must be applied there as well, or the employee can just as easily brick a company-owned Blackberry before they're shown the door.

The only difference is that to do this on a Blackberry, you HAVE to buy their expensive software and infrastructure. It's actually harder on BBOS than iOS.


If big companies are constantly having to consider iPhones bricks because they can't use them, they are going to have some major issues.

Let me link this again, because it bears repeating:

http://support.apple.com/kb/HT5927

A simple configuration certificate with policies specified, put in place before an iOS device is issued to an employee, renders this moot. The software required to do this costs nothing, which can't be said about other devices. The time and effort required to do this by IT staff is equal to, if not less than, comparable devices. They just have to RTFM before they start to deploy, or do a little bit of Googling. And if THAT is too much work for the IT guy, then the problem isn't with Apple.
 
Nice non-sequitur, but we're talking about enterprise buzzwords that aren't backed up with documentation. Apple's marketing puffery in regards to the enterprise is actually quite low, while the documentation is readily accessible. Blackberry? You get some nice slick marketing brochures, but to get to the nuts and bolts, you have to buy their product... and then realize it's not as exclusive and superior as one is led to believe.



Well for starters, it's Blackberry and their fanboys saying they're doing it "more securely." The burden of proof is on them, and so far the proof hasn't been forthcoming.

I don't have to prove anything. You can do the research and tell us all or refute it. Typical internet argument when one is lazy.

What we DO know is that for years now, users of BIS who THOUGHT their communications were secure have been subject to Blackberry sanctioned backdoors in various countries, where they deliberately sacrificed security in the name of being able to continue to sell devices to consumers there. Granted, what we know now about what the NSA is doing is no better, but this is an admitted, deliberate cooperation with foreign governments, while still parroting to users that security is paramount and superior in BlackberryLand.

Well the governments couldn't hack into Blackberry so they threatened to throw them out of the country. What would you do? However, what Blackberry did yesteryear is no different than any telco or ISP today that just gives your data to the NSA willingly. I'm sure apple at that time period also bent over so they were no better.

Let me link this again, because it bears repeating:

http://support.apple.com/kb/HT5927

A simple configuration policy put in place when an iOS device is issued to an employee renders this moot. The software required to do this costs nothing, which can't be said about other devices. The time and effort required to do this by IT staff is equal to, if not less than, comparable devices. They just have to RTFM before they start to deploy.

You get what you pay for. Apple integration into a company ecosystem is not as good as Blackberry, which is why there are multiple third party solutions. And you can try to place the burden of proof on me, but I won't have it.
 
But with appropriate security in place you can remote wipe the phone even if the pass code is not known. Then setup as new.

???? We agree. Handing the employee the phone without the company setting all of this puts the blame on the company!

----------

Well the governments couldn't hack into Blackberry so they threatened to throw them out of the country.

I am betting that our government/NSA can and HAS BEEN cutting through the data and calls on a Blackberry like a hot knife through butter! I bet Blackberry did not give them a way to do it, they just have the ability to do it.
 
I don't have to prove anything. You can do the research and tell us all or refute it. Typical internet argument when one is lazy.
IMO, his posts seem to contain the links to the information regarding the points he's trying to make. Your replies seem to be the ones saying "oh, I don't have the proof for what I'm saying".

I don't disagree with your quote above, but IMO, your lazy reference seems to apply predominately to your posts.

If you don't want to put the work in to prove your points, why not just say that and then agree to disagree? Ends the conversation gracefully, IMO.

----------

Side-note, I miss the old HowardForum days. :)
 
???? We agree. Handing the employee the phone without the company setting all of this puts the blame on the company!

----------



I am betting that our government/NSA can and HAS BEEN cutting through the data and calls on a Blackberry like a hot knife through butter! I bet Blackberry did not give them a way to do it, they just have the ability to do it.

Phone calls are different than data. Your ISP could give the NSA your phone metadata. BES had strong end to end encryption between device and server.
 
IMO, his posts seem to contain the links to the information regarding the points he's trying to make. Your replies seem to be the ones saying "oh, I don't have the proof for what I'm saying".

I don't disagree with your quote above, but IMO, your lazy reference seems to apply predominately to your posts.

If you don't want to put the work in to prove your points, why not just say that and then agree to disagree? Ends the conversation gracefully, IMO.

----------


Side-note, I miss the old HowardForum days. :)

good point:

Http://us.blackberry.com/business/software/BES/specifications.html
 
Phone calls are different than data. Your ISP could give the NSA your phone metadata. BES had strong end to end encryption between device and server.

Anyone who thinks the NSA can't access BES is in denial!

If they could not penetrate BES they would not allow it. I am betting they have had the ability for a long time!

No conversation, text or email would be able to evade the NSA's abilities to capture
 
I don't have to prove anything.
You can do the research and tell us all or refute it. Typical internet argument when one is lazy.

Nice inversion, but truth is I've made my case, and provided sources. You have not.

Well the governments couldn't hack into Blackberry so they threatened to throw them out of the country. What would you do?

I'll tell you what I wouldn't do: lie to people and tell them their data is safe.

However, what Blackberry did yesteryear is no different than any telco or ISP today that just gives your data to the NSA willingly. I'm sure apple at that time period also bent over so they were no better.

Unfortunately, we have no proof either way in the case of Apple. One should certainly play it safe and assume so, but the fact is, Apple has not claimed that they are the standard bearer for security, like Blackberry has.

You get what you pay for. Apple integration into a company ecosystem is not as good as Blackberry, which is why there are multiple third party solutions. And you can try to place the burden of proof on me, but I won't have it.

Then don't say anything. You can't say something is fact and then not back it up, and expect others to simply trust that you're right.

I do find it interesting though, that you find freedom of choice to indicate weakness. I feel that diversity strengthens security: more avenues of attack, more uncertainty for the attacker, and more choices for the security minded IT manager to decide what they are most comfortable with, instead of a single source dictating it all for them and expecting you to just trust that all is perpetually well.

In any case, a solution exists for the OP (something you completely glossed over), should he still want to manage his remaining iOS devices rather than waste money and toss them out for Blackberries.

----------


Yeah... the marketing literature again. So, where does this tell me HOW it's more secure than iOS or other platforms? the only hard fact I see here is the listing of encryption algorithms, and iOS and Android are already making use of S/MIME support and AES, just like Blackberry.

What DOES concern me is, why is Blackberry still using 3DES?
 
Either give it away as a personal iPhone for their own use (like my wife's school does for their administrators) and don't expect its return or treat it like a company iPhone with company's supplied Apple ID.

Otherwise, it's just one of the flurry of questionable threads on overriding activation- and passcode-locked iPhones that we've been getting lately.
 
IT / Mobile Device Admin over about 300 iOS devices here.

We issue AppleIDs with our corporate exchange accounts, and the user is forced to keep that AppleID on the device with our MDM profile, meaning we can reset its password whenever needed. They are free to add a SECOND AppleID to install personal paid apps if they feel like doing so, but this is never used for activation lock.

That being said, it's a pretty simple fix if you don't want to go through all of that. Update your company's IT mobile device use policy to say that employees are liable for any loss of equipment for any reason upon termination of employment. If they return a bricked phone due to this issue, you take it out of their last check (or withdraw it straight from their bank account - direct deposit goes two ways, and it's perfectly legal if it's in the employment contract. He had the chance to call you back.).

That being said, again, with a well-planned deployment strategy this shouldn't have ever happened. We naturally started issuing these devices before iOS7 was even a twinkle in anyone's eye, and were already immune against activation lock issues.
 
Nice inversion, but truth is I've made my case, and provided sources. You have not.
Okay, you are correct. Case is made as weak as it is. Not!

I'll tell you what I wouldn't do: lie to people and tell them their data is safe. Unfortunately, we have no proof either way in the case of Apple. One should certainly play it safe and assume so, but the fact is, Apple has not claimed that they are the standard bearer for security, like Blackberry has.

For the NSA to install devices in an iphone, they had to have had some cooperation. Under lawful rule, these companies have to do what is asked of them. I'm not assuming apple is squeaky clean.


What DOES concern me is, why is Blackberry still using 3DES?

What concerns me is the easy way people find to hack into iphones ala the control panel password bypass. Much more serious than using triple DES or AES, which is considered to be fairly secure.

Anyway, it's been fun. You can have the last word, as weak as it may be.
 
So... OP's company doesn't have time for policies or BYOD, stops buying Apple because of their own mismanagement, won't call Apple to see what his options are, and is going to commit fraud as an experiment. It seems like the only winner here is the guy that got fired.
 
So... OP's company doesn't have time for policies or BYOD, stops buying Apple because of their own mismanagement, won't call Apple to see what his options are, and is going to commit fraud as an experiment. It seems like the only winner here is the guy that got fired.

Basically, you hit the nail on the head.
 
Surely the Apple ID could be set up with corporate email and when employees leave they authorise the access to their work mail. You could then reset password for iCloud. Or does it not work like that?
 