This isn’t new. If you’re using a company-device, they can read everything you do on it. This has been true for many years. Clickbait headline.
Don’t use your company computer / phone / email / whatever to say anything you wouldn’t want your boss / HR / other to read.
kind of misleading article since it explicitly indicates this is for work managed devices
That’s a Forbes specialty
Okay? It’s a work device, you think that they aren’t already logging all of your stuff?
My job keeps insisting i install a “office partition profile” on my phone. Well i dont want 24/7 contact with them, and i dont want their mgmt shit all over my private device.
This article is more proof im not insane as the only holdout againt this mgmt partition.
If corporate wants something, they can provide corporate phones. I keep company and private strictly separate.
Yeah one of my clients right now is a major hospital in the area, they currently have work provided phones but they have been told that those are going away because they are too expensive for the it group to have. They’ve then been told that they are going to be using their personal cell phones and they need to install all this extra software on them. Most of these guys being in it have said no and you’re not putting your stuff on my phone and if you want this stuff then you can provide a phone for me. So it’s starting to become a showdown between finance and it. And I constantly reminded them that they are under absolutely no obligation to install anything work related on a private phone. In fact they don’t even need to provide their phone number for contact after hours. And I really hope that they stick to their guns but we’ll see most people end up folding in these types of situations.
They should say if mgmt can install software on my phone, thencwe can watch pron and play steam games on work devices.
I would maybe demand management first install my spy cameras in every room of their domicile including bathrooms and bedrooms and closets.
I would collect the data and sell it or give it away for free.
But what if I run into a weird masochist or exhibitionist who actually agrees? I wouldn’t want that kind of gamble in the end.
If your company provides you with a device to use for work, then you need to assume they can see anything you do on it, regardless of who makes it. It belongs to the company, not you.
That’s a good rule of thumb, but as a direct point of comparison, it’s not that bad with iPhones. Apple’s MDM protocol is very particular about what admins are allowed to control even on company-owned devices. For example, admins can’t see the Apple ID used on the phone and can’t grant apps screen sharing permission without user approval.
And we certainly can’t access iMessage.
Android is the same way with MDM managed profiles. Nothing in the personal profile can be seen by MDM. It goes as far as making you install apps twice, if you use them in both profiles. Even the clipboard can’t be used to copy from one profile to the other, and screenshotting the MDM profile is typically disabled.
Nothing about this is news to people who actually manage and use MDM, or unique to Android.
I’m pretty sure I have MDM on my device and I can definitely copy and paste from work apps to non work apps and vise versa.
This is a decision your MDM admin makes, at most of my jobs this has been disallowed.
“This applies to work-managed devices and doesn’t affect personal devices.”
While still not a fan of it, this is why you use two phones.
My company tells us not to expect privacy on work devices, period.
A lot, or at least some, companies install root certificates on your devices and route traffic through a proxy over their VPN meaning even things that should be encrypted by TLS they can see.
My younger coworkers think i’m some kind of insane boomer for carrying two phones…
I carry two phones. Work provides me with one. It goes on DnD mode as soon as I clock out.
Younger generation typically has no concern for data privacy and how much data they’re being milked of. There will be a time when they wish they listened.
In case anyone is reading this thinking “nah, there won’t be a time I wish I listened,” take it from me that I do. I worry a lot about the current political climate in the US and about talking about queer topics online. Like, obviously, today it sounds insane to worry about, but who fucking knows.
For fuck’s sake, they’re using period tracker apps to go after people for suspected abortions to charge them with “murder”.
There will be a time when they wish they listened.
yes, but my point isnt to say “haha!! I told you so!”… also, data mining isnt less of a threat on a “personal” device… just less potential damage to your professional life.
Yeah two phones two laptops are sadly becoming a necessity these days
Work provides a phone and laptop. Neither are touched after I clock out. But for the off-chance I need to do a work thing at home (filling out a forgotten time card entry, informing the team that I’m sick, etc), I have a separate and isolated “work” VLAN at home they can connect to.
“on managed devices”
For fucks sake, don’t text porn and shit on a company device.
The amount of people who treat work devices like their own is insane. When work is over my laptop is shutdown and closed. There’s no need for it to be on at all until I start working again. In a way I kind of get the corpo ITs reasoning why they’d want this, people messaging their friends and families from the same devices that have company secrets on them
Headline is bullshit. This is an archiving feature for sectors where the law requires employers to retain records of certain kinds of communications. It only applies to phones set up with mobile device management, and it displays a clear notification to the user that the conversation is being logged.
Here’s Google’s announcement.
An archiving feature that highlights a reality that many people arent already aware of - that encryption is meaningless if you dont have ultimate control of the device you are decrypting it on.
Well, if it’s a work phone, ita kind of expected.
A work phone is a liability for a company, so only do work stuff on it.
I mean it doesn’t take Google for them to get a copy of all your sms, it’s pretty effing simple with just the MDM software they use. Or a simple script to pull the SMS database every day and export it to CSV or excel, then import into a db.
How do I know? Because I’ve done this with my own phones since about 2010.
I work in government, and the “work on work phone” rule is sacred. If I do any work on my personal phone, my personal phone becomes subject to Open Records.
Starts? … I think Google has been sharing our data behind our backs like a school girl that promised to keep a secret
E2E encryption is useless if you don’t control the encryption method and storage.
Doing this when even apple does not handover such data is stupid on Google.
Each morning I wake up and think to myself, “what fresh new hell awaits me today?”
There are no caveats to this that can make me feel better about it. This is a normalization of what I already new to be true - that my phone has never actually been mine, and any controll I thought i had can and will be taken from me at any moment.
I mean if you own a work managed phone then that’s always been true. If the phone is yours then really this article doesn’t pertain to you.
In theory, sure - it’s only a concern if you have a work-managed device.
In concept, though, there are more parties with partial control/access to your device from whom you only have a tenuous protection at-best.
Normalizing the practice of automatic archival of encrypted communication is bad. I don’t think that’s a particularly spicy take. “They say it won’t be used except in these specific circumstances” is no better than a fig-leaf, especially when those types of promises have been repeatedly broken.
