Company installed new Screen Password Lock thru Exchange. How is this possible?

[SingaporeStu]

My company just installed some new screen password lock on my iPhone through my Exchange account. (It has to be that because there are no other company-related software or settings apart from that on my iPhone).

How is this possible? I thought all software getting on to the iPhone has to be approved by Apple and installed through iTunes/ App Store?

This is my personal iPhone, not a company iPhone, and has never been touched by my company's IT guys. The Exchange account settings were configured by me. I've been using it for email on the go.

They sent out an email earlier saying that Blackberry & WinMo users (company-issued or not) would have this, but I didn't think it could get on to my iPhone.

Also, if they can install that, what else can they install? Now I'm really afraid Big Brother is watching...

 

[aristobrat]

ActiveSync (that your iPhone uses for push email w/ Exchange) allows companies to set general device policies, like the 'lock password' on your device.

I think these are the only policies that can be applied:
http://images.apple.com/iphone/business/docs/iPhone_MS_Exchange.pdf

Exchange ActiveSync security policies
• Remote wipe
• Enforce password on device
• Minimum password length
• Maximum failed password attempts (before local wipe)
• Require both numbers and letters
• Inactivity time in minutes (1 to 60 minutes)

Additional Exchange ActiveSync policies (for 2007 only)
• Allow or prohibit simple password
• Password expiration
• Password history
• Policy refresh interval
• Minimum number of complex characters in password
• Require manual syncing while roaming
• Allow camera

 

[thelatinist]

Exchange servers give System Adminstrators the power to enforce security policy on client computers. It's one of the features of Exchange that make it popular in business. This functionality is written into the iPhoneOS, so nothing needs to be "installed."

 

[SingaporeStu]

Oh, ok... That's news to me... Guess I haven't really read up much on Exchange Activesync.

But that's all they can do right? They can't install anything beyond that? There's no "back door" through Exchange Activesync to spy on my iPhone?

Also, does the Remote Wipe through Exchange Activesync wipe the whole phone? Or just the data from the Exchange account?

Thanks for your replies, all.

 

[LIVEFRMNYC]

And they said it wasn't a business phone.

 

[phishindsn]

My understanding in remote wipe is essentially the same as doing a full reset or restore. I administer 10 iPhones at work and we use notifylink to control our devices. It emulates activesync and it can do a remote wipe. It fully wipes it like a restore does. I have tested this...it was one of the key features we looked for in a product.

I would assume if you are allowed to access your companies information you signed some type of policy that allows them to do this or agreed to do something. So it's their information ( their email) so they can administer it anyway they see fit...even if it means locking your device to control it and remote wipe it to secure it.

 

[SingaporeStu]

My understanding in remote wipe is essentially the same as doing a full reset or restore. I administer 10 iPhones at work and we use notifylink to control our devices. It emulates activesync and it can do a remote wipe. It fully wipes it like a restore does. I have tested this...it was one of the key features we looked for in a product.

I would assume if you are allowed to access your companies information you signed some type of policy that allows them to do this or agreed to do something. So it's their information ( their email) so they can administer it anyway they see fit...even if it means locking your device to control it and remote wipe it to secure it.

Well, for what it's worth, I didn't sign any agreement or policy. It was a "remove your settings or accept the new sh*t" kind of thing. I just didn't think my iPhone would be affected, that's all.

I tried to deactivate my Exchange account, but the new password lock is still there. How do I remove it and restore to the default 4-digit lock?

 

[MavsX]

sounds like an IT policy. Similar to the blackberry BES that we manage at my office.

suckers

 

[phishindsn]

I tried to deactivate my Exchange account, but the new password lock is still there. How do I remove it and restore to the default 4-digit lock?

Could you turn off the password lock entirely? If so then maybe it switch back to the four digit after you turn that option back on.

 

[thelatinist]

Could you turn off the password lock entirely? If so then maybe it switch back to the four digit after you turn that option back on.

This might work. If you've already removed the Exchange account they should no longer be able to enforce the policy.

 

[-aggie-]

Why do they need remote wipe capability though?

 

[thelatinist]

Why do they need remote wipe capability though?

Because your email/calendar might have sensitive data on it which might be a target for industrial espionage, and they need the ability to delete it should your phone be stolen.

 

[-aggie-]

Because your email/calendar might have sensitive data on it which might be a target for industrial espionage, and they need the ability to delete it should your phone be stolen.

I wouldn't have my work's email on my iPhone then. Let them give me a business phone.

 

[Vizin]

I wouldn't have my work's email on my iPhone then. Let them give me a business phone.

If you don't have your work email on your iPhone that means you don't have exchange set up, and they wouldn't be able to do a remote wipe.

 

[KingHuds]

It's not like they're doing it on his personal phone. If he has company data through his email on the phone then they should require him to have the passcode. Take off the company data, no need for them to enforce it on your phone.

 

[djrobsd]

If they did a remote wipe on an iphone, but I had my iphone backed up in itunes, and I restore the backup from itunes... Will I get my stuff back? I'm assuming I will get back anything that was not synced with the exchange server, such as apps and settings, but probably not my contacts or calendar?

 

[MTI]

Yes, your iTunes backup will restore your data, but it will only be as of the last sync.