Employer installed a profile on my phone - risks?

[italianplaya]

I wanted to start receiving emails from work on my iPhone 4S so my employer, with my consent, installed a profile on my phone. They use the Good app which involved installing the Good profile and a custom profile specifically designed by my employer.

To be more specific about the profile, it can be found in settings>General>Profiles.

With these installed, what access does my employer have within my phone?

Thanks!

 

[einmusiker]

there is NO WAY I would allow this. If they wanted to send emails to my phone they would have to provide me with a phone. to reiterate... NO WAY IN H3LL

 

[aristobrat]

Good is a MDM solution.

Here is a high level of what it can do.

http://www.apple.com/iphone/business/it-center/deployment-mdm.html

 

[alent1234]

They can wipe your phone or just the email part, forget which one

And in theory restrict what you do with it like installing apps and require pass code
The rule with this is if you want work email on your phone, you have to consent to this

 

[mbhforum]

I helped setup Good in my last company. Basically, it can apply a number of security policies and processes such as the ones mentioned above. Apple also allows MDM providers access a limited amount of information such as battery level, cell signal, etc.

Don't worry they can't read your data. Most companies have a waiver or acceptable use policy that legally allows them to put their policies on your device. It's only fair and a two way street. They shouldn't force you though.

 

[Phonzoxd]

They can wipe your phone or just the email part, forget which one

And in theory restrict what you do with it like installing apps and require pass code
The rule with this is if you want work email on your phone, you have to consent to this

This interests me.

If I get fired I don't want them wiping out my Stuff. If they want to wipe their emails that is fine.

Right now the company is paying for a 2nd phone I have, however in the future they will no longer do that for you and just instead pay for your personal phone bill instead.

So I have considered letting them do that so I can save some money.

If they cant access my personal stuff, and my personal emails then that is fine by me.

 

[calaverasgrande]

Most corporate messaging departments are doing teh same or similar.
In the corporate entity I work for (who shall remain nameless)
we currently are prohibiting users from adopting IOS7 until it is vetted for Calendar event issues.
We also enforce lock code policy on all models of phone (BB & Android too)
It is not as draconian as it sounds.
Company emails are the IP of the company and often may contain sensitive info. Especially in broadcast, sports and banking (from my limited experience).
A lost phone can cause a lot of damage in the wrong hands. So lock codes and remote wipes are de rigeur.

 

[BeeGood]

This interests me.

If I get fired I don't want them wiping out my Stuff. If they want to wipe their emails that is fine.

Right now the company is paying for a 2nd phone I have, however in the future they will no longer do that for you and just instead pay for your personal phone bill instead.

So I have considered letting them do that so I can save some money.

If they cant access my personal stuff, and my personal emails then that is fine by me.

Two jobs ago I had good installed for corporate emails. When I separated there wasn't a problem.

The company I am with now uses mobile iron which essentially does the same thing and installs different profiles that allow me to get email but also allow IT to force you to use a password and gives them the ability to wipe your phone.

I wouldn't worry about it. If you uninstall good on your last day (don't forget to remove the profiles) you will be fine. Like you said, you save money and don't have to be bothered carrying around two devices.

 

[KPOM]

My employer does the same. They've gone overboard and put 8 profiles, actually. One has the passcode so that our phones automatically connect to the secure wi-fi we have at the office. Another is for our RSA SecurID. One enables access to our Exchange server through MobileIron, while another adds some requirements such as using a passcode (Touch ID works), and enables remote erase if the passcode is entered incorrectly too many times.

 

[Geckotek]

I wanted to start receiving emails from work on my iPhone 4S so my employer, with my consent, installed a profile on my phone. They use the Good app which involved installing the Good profile and a custom profile specifically designed by my employer.

To be more specific about the profile, it can be found in settings>General>Profiles.

With these installed, what access does my employer have within my phone?

Thanks!

Good is one of the better MDMs which actually silos off your company data from the rest of the apps and such. Due to this, your employer is able to selectively wipe only the business related data when you separate.

The base Exchange Active Sync is a "device wipe" only and doesn't allow for targeted wipes.

there is NO WAY I would allow this. If they wanted to send emails to my phone they would have to provide me with a phone. to reiterate... NO WAY IN H3LL

LOL, you've got it backwards. In most situations it's the users that want to connect their personal phones to the corporate system so "if you want your work e-mail on your device, the you will abide by our policy and install whatever we tell you to".

But I do agree, I prefer a work supplied device that is dedicated as such. Unfortunately in my small consulting company that's not an option. And many larger companies are rapidly moving toward a BYOD (Bring Your Own Device) model...which I abhor and think is going to be hell to support for most IT departments. At my last job, we sent all the reservation agents home and told them to remote in from their home computers into a virtual desktop (VDI) to get their work done. As nice as that sounds, you end up supporting the users crappy home PC in some form or fashion no matter how nice of a VDI you have.

 

[BeeGood]

Unfortunately in my small consulting company that's not an option. And many larger companies are rapidly moving toward a BYOD (Bring Your Own Device) model...which I abhor and think is going to be hell to support for most IT departments.

Yeah I can understand how it's a pain for IT, but I LOVE BYOD as an end user. At my last job we had standard issue blackberries. Some people gave in and used them for personal use, but I hated the thing so had my iPhone and this clunky BB all the time.

My company splits the difference by limiting the device models that can be used, I think you can choose from 10 and currently they are either iphone or android devices. Makes it easier to support while still giving employees choices.

 

[calaverasgrande]

Good is one of the better MDMs which actually silos off your company data from the rest of the apps and such. Due to this, your employer is able to selectively wipe only the business related data when you separate.

The base Exchange Active Sync is a "device wipe" only and doesn't allow for targeted wipes.



LOL, you've got it backwards. In most situations it's the users that want to connect their personal phones to the corporate system so "if you want your work e-mail on your device, the you will abide by our policy and install whatever we tell you to".

But I do agree, I prefer a work supplied device that is dedicated as such. Unfortunately in my small consulting company that's not an option. And many larger companies are rapidly moving toward a BYOD (Bring Your Own Device) model...which I abhor and think is going to be hell to support for most IT departments. At my last job, we sent all the reservation agents home and told them to remote in from their home computers into a virtual desktop (VDI) to get their work done. As nice as that sounds, you end up supporting the users crappy home PC in some form or fashion no matter how nice of a VDI you have.

I'd also ad that most of the time employer supplied idevices are not the latest greatest. And commonly they are recycled until dead.

 

[Spacial]

BYOD has its pros & cons like anything else. There's nothing to be paranoid about. If it's your personal communications and data you're worried about, that horse already left.

 

[Geckotek]

My company splits the difference by limiting the device models that can be used, I think you can choose from 10 and currently they are either iphone or android devices. Makes it easier to support while still giving employees choices.

I always suggest this to companies...BYOD or not.

 

[mr91745]

The company I am with now uses mobile iron which essentially does the same thing and installs different profiles that allow me to get email but also allow IT to force you to use a password and gives them the ability to wipe your phone.

So does this mean Mobile Iron can access every part of your phone, all apps and data?

I have Mobile Iron on my iPad mini, and am wondering what limits -- if any -- my company has in accessing information on my iPad.

Thanks for any info you can share...

 

[Afbar1114]

I would never allow this to happen to my phone. if they wanted me to be able to access emails where ever i am they are either going to give me the phone and number or pay me for another line on my account. it seems that some profiles are allowed to see your data and which means other personal info that can be sued against you. almost like how employers are asking for Facebook passwords to get a job or keep a job.

I took a business class last semester where one of the students in there was getting her degree and a manager at the same time. The discussion came up of wether it was ethical for an employer to be allowed to ask for personal emails to keep track of you. I said no because what I do out side of my own time is my business and not the companies. She comes in and says that she wants to keep track of her employees. Her other response was if you have nothing to hide what is the big deal. The big deal is privacy which i would like to keep.

 

[lateralus1082]

Most corporate messaging departments are doing teh same or similar.
In the corporate entity I work for (who shall remain nameless)
we currently are prohibiting users from adopting IOS7 until it is vetted for Calendar event issues.
We also enforce lock code policy on all models of phone (BB & Android too)
It is not as draconian as it sounds.
Company emails are the IP of the company and often may contain sensitive info. Especially in broadcast, sports and banking (from my limited experience).
A lost phone can cause a lot of damage in the wrong hands. So lock codes and remote wipes are de rigeur.

they told us the same thing about iOS 7 and our email.


I bought a new 5S and have my email on the phone. They can call the cops, i don't give a fk

 

[Applejuiced]

there is NO WAY I would allow this. If they wanted to send emails to my phone they would have to provide me with a phone. to reiterate... NO WAY IN H3LL

Tell that to the millions of unemployed people looking for a job...

 

[Jalopybox]

Why do you want to get company emails on your personal phone? Will they pay you to work from home? Is that in your job description? If it is, tell them to provide you with a phone, don't use your own.

 

[Geckotek]

Why do you want to get company emails on your personal phone? Will they pay you to work from home? Is that in your job description? If it is, tell them to provide you with a phone, don't use your own.

While I agree, some companies don't give you a choice.

 

[blarivee]

Personally, I wouldn't use personal device for work related stuff If there was an investigation, your device might be confiscated as "evidence".

 

[oldhifi]

Phone

They should provide you with a company phone..

 

[calaverasgrande]

Why do you want to get company emails on your personal phone? Will they pay you to work from home? Is that in your job description? If it is, tell them to provide you with a phone, don't use your own.

And you will have along and fruitful career with a bratty attitude like that.

Ignoring an email at 5:05pm Friday until 9am Monday is a great way to go nowhere fast in your job.

----------

they told us the same thing about iOS 7 and our email.


I bought a new 5S and have my email on the phone. They can call the cops, I don't give a fk

do yourself and your colleagues a favor and turn off calender for that account.

Personally I'd rather have company email on my phone than have anyone from work actually calling me on time off.
Or texting!

 

[iBighouse]

I see that MDM allows for the System Admins to see a list of apps installed on the BYODs...is that apps list for only apps installed by the MDM, or even personal apps installed by the device's private owner???

I've joined our firms exchange server on my devices to get access to corporate email- is that then also granting them access to my apps list and giving them the ability to remotely wipe my iOS devices?

 

[Jalopybox]

And you will have along and fruitful career with a bratty attitude like that.

Ignoring an email at 5:05pm Friday until 9am Monday is a great way to go nowhere fast in your job.

----------


do yourself and your colleagues a favor and turn off calender for that account.

Personally I'd rather have company email on my phone than have anyone from work actually calling me on time off.
Or texting!

No, it' a great way to precedence of how to be taken advantage of by your employer. If you are worth your weight in salt, you don't need to become a slave to your phone and or emails By doing this you are laying the ground work for being taken advantage of. Grow a pair, set some boundaries. If you think not wanting to be bent over for the length of your career is bratty, you have some bigger issues to tackle I suspect.