
Corrode

Original poster
Yesterday a friend mentioned to me that he would never put his work email on his personal iPhone because that gives them access to the rest of the phone. I thought that was a ridiculous concept as there's no possible way an email account would give permission for anything beyond that account, right?

Apparently I was very wrong. I use my personal phone to access my work email and calendar through our Exchange Server as it allows me to keep on top of things outside of work. I pretty much do it so I can be a better employee. After doing some research, this apparently gives my IT Department the ability to completely wipe my iPhone remotely.

How was I not notified of this when I added the account to my iPhone? Shouldn't iOS notify me that this is a possibility? I'm in a little bit of shock that such a simple thing could lead to big problems without me knowing.

This also begs the question: what else can my employer see on my personal iPhone? I can't seem to find any concrete answers on Google.
 
Yesterday a friend mentioned to me that he would never put his work email on his personal iPhone because that gives them access to the rest of the phone. I thought that was a ridiculous concept as there's no possible way an email account would give permission for anything beyond that account, right?

Apparently I was very wrong. I use my personal phone to access my work email and calendar through our Exchange Server as it allows me to keep on top of things outside of work. I pretty much do it so I can be a better employee. After doing some research, this apparently gives my IT Department the ability to completely wipe my iPhone remotely.

How was I not notified of this when I added the account to my iPhone? Shouldn't iOS notify me that this is a possibility? I'm in a little bit of shock that such a simple thing could lead to big problems without me knowing.

This also begs the question: what else can my employer see on my personal iPhone? I can't seem to find any concrete answers on Google.

I think you are misinformed.
 
I think at most they would be able to deny you access to your work data, but I don't see how they could wipe your entire phone. If you have a source, I would love to read it.
 
The group policies that you add to your phone when you connect to your employer's Exchange servers allow them to wipe your phone.

My company makes it very clear that this can be done and if your phone is lost it needs to be done, that is, call them before your carrier.

If you're worried about this occurring then don't use your personal phone to receive your work emails.
 
Yesterday a friend mentioned to me that he would never put his work email on his personal iPhone because that gives them access to the rest of the phone. I thought that was a ridiculous concept as there's no possible way an email account would give permission for anything beyond that account, right?

Apparently I was very wrong. I use my personal phone to access my work email and calendar through our Exchange Server as it allows me to keep on top of things outside of work. I pretty much do it so I can be a better employee. After doing some research, this apparently gives my IT Department the ability to completely wipe my iPhone remotely.

How was I not notified of this when I added the account to my iPhone? Shouldn't iOS notify me that this is a possibility? I'm in a little bit of shock that such a simple thing could lead to big problems without me knowing.

This also begs the question: what else can my employer see on my personal iPhone? I can't seem to find any concrete answers on Google.
gives them access to the rest of the phone.
false

I use my personal phone to access my work email and calendar through our Exchange Server
Your first mistake.

this apparently gives my IT Department the ability to completely wipe my iPhone remotely.
Correct, well known, publicized and documented.

Shouldn't iOS notify me that this is a possibility?
It's your account, with your credentials, you are specifically adding this service to your handset. You should know the terms.

what else can my employer see on my personal iPhone?
Nothing. Where did you get that idea?

Try http://www.divide.com/ to authenticate to Exchange for work. Then all they can wipe is the content of the app.
 
you probably have some agreement that they have the right to wipe your phone. however, there is no way they can do it remotely without your login credentials.
 
They Can and They Will...

I work as the Network Administrator for a Rural Health Clinic and it clearly states in our Electronics Usage Agreement that every employee signs that if your phone or other mobile device receives any work information, including emails, that the device is therefore subject to company viewing at any time even without prior notice or warning. It also explains that the device, if thought necessary, can be wiped in either part or whole due to potential sensitive materials being seen, used or saved onto your device. This is very widely used and implemented in corporate settings, especially within health care organizations.
 
you probably have some agreement that they have the right to wipe your phone. however, there is no way they can do it remotely without your login credentials.

Incorrect, if the phone is syncing with the built-in Exchange Mail app the phone can be remotely wiped.

You can also wipe it yourself using the Outlook Web Access Portal.

Here is what it looks like to an Exchange Admin

 
this apparently gives my IT Department the ability to completely wipe my iPhone remotely.
Correct, well known, publicized and documented.

Shouldn't iOS notify me that this is a possibility?
It's your account, with your credentials, you are specifically adding this service to your handset. You should know the terms.

I'm not so sure about "well known". I've been an Apple nerd for ages seeking out every bit of knowledge I can find and I had never heard of this before today.

I'm not sure how I was supposed to know this before adding the account. It's a freaking email address! The ability for that to affect anything beyond emails on my phone seemed crazy to me.

Source, for those asking: https://discussions.apple.com/thread/3090996?start=0&tstart=0

http://technet.microsoft.com/en-us/library/aa998614(v=exchg.141).aspx
 
I work as the Network Administrator for a Rural Health Clinic and it clearly states in our Electronics Usage Agreement that every employee signs that if your phone or other mobile device receives any work information, including emails, that the device is therefore subject to company viewing at any time even without prior notice or warning. It also explains that the device, if thought necessary, can be wiped in either part or whole due to potential sensitive materials being seen, used or saved onto your device. This is very widely used and implemented in corporate settings, especially within health care organizations.

totally agree, but you can't do it remotely without the proper credentials.
 
Also, we don't have any policies in place regarding this (I work for a small charity that lacks "officiality" in many ways) but I was just astonished at the mere ability to do this.
 
Yes, they can, I don't see them doing it without your consent.

If you're worried about it, remove your Exchange account from your iPhone.

They have no other access to anything on your phone.
 
It is based on policies, as mentioned by another poster.

When you set up work email on your personal device like a phone or tablet, your phone agrees to the rules put in place on the mail server set forth by your IT dept.

I do the same thing here for our company. I have rules in place that give me the ability to wipe the phone. It is like this as not to be mean, but since your device has company information on it and if you lose it or someone steals it, the company doesn't want to be held liable for something that could get into the wrong hands, like someone's SS# or other personal info. So that is why security is in place on our mail server, which requires the user to have to enter in a PIN code and so forth. And along with the security rules comes remote wipe.

Now I do make my employees sign a waiver acknowledging this. And then their device is added to the list of approved devices on the server and then they can proceed with email on their phone or tablet.

Your IT dept should have notified you of what is at stake here. I do with every employee that requests email on their mobile device.

I have only had to remote wipe once due to a user quitting and going to a competitor and they tried to keep the phone and the phone number (like we wouldn't know), so I sent out the remote wipe command and was alerted that it was complete and then I had the number shut off. (this was a company phone).

But like I said, I alert all employees of this policy and make them sign a waiver, so they have nothing to gripe about if it ever did happen. And our employees simply cannot just enter in our work information on their mobile device to gain access to our email, the device has to be approved and their Device ID has to be entered into the system.

And most likely your employer cannot see anything on the phone, just that the phone is receiving company email.
 
A "court" could also seize your phone if they need access to work data (email is data) on it and you could actually lose your phone for ??? amount of time.

It is all in the agreement we sign to put work stuff on it.
 
I guess the responsibility is on the IT department to inform employees of this, which they obviously failed to do. I will encourage my employer to develop some policies around this.

However, it's clearly a surprise to many people. Did you see the first two replies to this thread? I'm sure many people have no idea this can be done.
 
totally agree, but you can't do it remotely without the proper credentials.

Correct. That is why at our company only Administration and Managers are allowed to have their company email accounts set up on their phone. Since they own the phone we simply just lock down their capabilities via our Exchange server; if needed we can forcibly remove their access from their email on mobile devices, thereby preventing them from accessing their email account. On the other hand, if our company has purchased the individual a company iPhone we always set up the phone via Apple Configurator with a generic used Apple ID. That way we can say whose email gets put on it, see where the phone is at all times, lock it when we need to and even remotely wipe it... We are a health services organization so we lock everything down as much as possible to protect patient information.
 
Hey guys:

I didn't read any of the stuff I signed but it seems I made a chimpanzee power of attorney over my estate...

I'm trying to get it tossed in court but this chimp reads EVERYTHING and now he has access to my entire life.

Yikes I'm screwed.

If only I had read what I signed/agreed to.

Let this be a lesson to you all...

:mad:
 
Well I am glad I read this thread. I will never put anything work on any of my personal devices. Further, I will avoid Exchange and all things Microsoft as best I can.

And in some way I feel like "Shame on you Apple for allowing this."
 
I'm not so sure about "well known". I've been an Apple nerd for ages seeking out every bit of knowledge I can find and I had never heard of this before today.

I'm not sure how I was supposed to know this before adding the account. It's a freaking email address! The ability for that to affect anything beyond emails on my phone seemed crazy to me.

Source, for those asking: https://discussions.apple.com/thread/3090996?start=0&tstart=0

http://technet.microsoft.com/en-us/library/aa998614(v=exchg.141).aspx

1) mistake 1 - Don't connect your personal phone to the work email
2) use the web mail portal that all companies have if you must check email when you are not in the office.
 
Hey guys:

I didn't read any of the stuff I signed but it seems I made a chimpanzee power of attorney over my estate...

I'm trying to get it tossed in court but this chimp reads EVERYTHING and now he has access to my entire life.

Yikes I'm screwed.

If only I had read what I signed/agreed to.

Let this be a lesson to you all...

:mad:

Don't be a douche.

You ALSO clearly didn't read the rest of the thread as I didn't sign anything and we have no policies regarding email on personal phones.

Before going around thinking you're smarter than everyone, maybe you should do some research. It might prevent you from looking like such an @ss.
 
Well I am glad I read this thread. I will never put anything work on any of my personal devices. Further, I will avoid Exchange and all things Microsoft as best I can.

And in some way I feel like "Shame on you Apple for allowing this."

It is not just Microsoft, this can be done with all sorts of mail systems.

Best thing to do is ask your employer about this sort of thing before you proceed. Or make them provide you with a company owned phone.

We have company phones and allow employees to use their own phones. And security is the same on all devices. But everyone is made aware of this up front. And it's not to be mean (although there are some users who I would love to do this to lol), it is for security, in the event the phone was lost or stolen, we don't need someone picking it up and gaining access to confidential information. And our security works on BlackBerrys, Windows Mobile, Android and Apple.
 
If you link your iPhone to an Exchange Server via Active Sync, the employer can indeed send a command to wipe your phone. I'm an IT admin and just did that last week for an employee who had their phone stolen.
 
This is why I don't have my phone connected to my work email/calendar. I log in via the web client. I also read an interesting article too that if your company ever gets sued that your device can be confiscated and considered evidence. I often wonder why would I want to use my personal device, and data plan that I pay for, for work? I will read my emails when I get to the office.
 