this post was submitted on 07 Oct 2024
72 points (96.2% liked)
Asklemmy
44129 readers
232 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy ๐
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- [email protected]: a community for finding communities
~Icon~ ~by~ ~@Double_[email protected]~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I work in IT and have implemented quite a few MDM systems. For Android, a work profile will be entirely isolated personal data wise. IT can't see anything beyond the work walls, however, there are a few shared things.
If work enforces a tougher screen lock setting, it'll take precedence over your regular lock screen setting. You might also have a few other things change while it's active, like display time out (if work has a shorter setting).
We can also see certain shared info like device serial number, IMEI number, OS version, security update version etc. Depending on the configuration, GPS/location info can be obtained as well (via an force-installed policy app for example)
You can pause the profile at anytime which suspends ALL work profile app activity (So if there was an app they install that they could get GPS info from, that app would no longer be functional until unpaused again (no it can't "run in the background" and collect info on the background either, it's wholly suspended)) and the pause feature can be set on a schedule so if you have a 9-5 you can set it to that and avoid the whole "always available" problem.
I wish work profiles were more separate. My company's work profile ended up locking me out of my phone (including the personal profile) and forced me to wipe and start over with it. They disabled fingerprint unlock and required my unlock password to change monthly, and I got the periodic "you have to change your password NOW" notice while plugged into my car with Android Auto. I couldn't enter a new password and the phone never unlocked again.
I know, probably a super rare set of circumstances, but I'm not going to allow my work to root my phone again. They can buy me a phone if they need so much control.
Periodically rotating passwords is against NIST policy. Ask IT why the insist on using it when everyone, even the government, says it's insecure
Even hard shutdown and rebbot brought you into work profile?