this post was submitted on 22 Jan 2024
678 points (94.5% liked)

[–] someguy3 5 points 8 months ago* (last edited 8 months ago) (3 children)

How does Android protect against this?

Also, can you have different profiles for this? Would that require two SIM slots? I don't play around with profiles so I have no idea.

[–] [email protected] 28 points 8 months ago (2 children)

MDM admin here. I’m much more familiar with iOS, but newer versions of Android will completely sandbox work profiles from the personal side. Work stuff will be encrypted and the admins cannot access anything outside of that.

[–] [email protected] 15 points 8 months ago

Yep. Work profile and apps are completely disparate, and it's actually kind of tough to transfer any data across the boundary even if you wanted to. Any time I need to send a picture to my work Slack I have to remind myself to use the work profile camera app.

It's the same tech that powers the Secure Folder thing in Android devices. My older S8 was on Android 8 or 9 and still had this functionality, so I'm not sure how old you'd have to go to have a less secure setup.

I think this Mastodon post is inaccurate.

[–] [email protected] 1 points 8 months ago

Surprised I had to scroll this far to find this!

[–] kryptonianCodeMonkey 5 points 8 months ago* (last edited 8 months ago)

I don't have an exhaustive understanding of how it works and limits data, but on my Android, it essentially has two partitions, one for personal and one for work. They do not share data. In order to take and share a photo on my work Teams chat, it has to be taken either from within Teams or with the camera app on the work partition. It cannot access my personal gallery. I have Teams on my personal partition from an old job that I still help out from time to time, and the same exact Teams app installed on my work partition. They are not connected in any way. The only thing that doesn't require me to put in a PIN to access on my work partition is the notifications.

Most of the limitations I experience from my side are in my own access to work resources. I can't say with confidence that those same limitations go both ways. But it does seem like that is probably the case.

[–] [email protected] 2 points 8 months ago

Within the Intune MDM space, a separate partition is created on the device that essentially isolates work apps/data from personal apps/data. I, as a sys admin, have control over the "work" space, but no control over the personal side of things.

We don't have a very heavy-handed approach to monitoring usage, etc., for mobile devices or even laptops, and this has been the case with most of my previous jobs.

That said, I'm sure there are IT departments out there with a ton of staff and a big budget that can and will get quite granular with what you are doing on your devices (keylogging, etc.).