this post was submitted on 22 Jan 2024
678 points (94.5% liked)

People Twitter

5283 readers
1407 users here now

People tweeting stuff. We allow tweets from anyone.

RULES:

  1. Mark NSFW content.
  2. No doxxing people.
  3. Must be a tweet or similar
  4. No bullying or international politcs
  5. Be excellent to each other.

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 25 points 10 months ago (2 children)

Yeah the whole thing is kinda dumb on both ends. From the employees perspective it's ridiculous to allow the company have any level of control over a device they own. From the company's perspective, why would you want to allow access and/or have information that's the company's property on a device the company doesn't own?

If I have a password for key company infrastructure stored on my personal phone, then the company fires me... well that seems like a problem a company would want to avoid. It could happen in any scenario, but significantly less likely if I have to turn in my company phone when my employment ends.

But hey the company saves a few bucks on buying phones and that helps the quarterly profits I guess.

[–] cm0002 12 points 10 months ago

That's the whole point of work profiles and company owned devices. This Joelle just has no idea what she's talking about.

You literally can't "just install an MDM" to your phone in the way that allows a company complete access to your device. Both iOS and Android require that either the device is new or the device is factory reset. Then and only then can the device have MDM enabled as a "Company Owned Device" e.g. complete access.

The other way, is through "Work Profiles", it's an isolated and sandboxed partition. The "Work side" has no access to anything on the personal side and the personal side has no access to anything on the work side. On Android the work side has its own Play Store, its own Chrome, its own apps. (In fact, if you're rooted you can hijack the work profiles feature for yourself if you want to install apps you'd rather keep isolated, like TikTok).

If I issue a wipe command to a phone with a work profile, only the work profile gets wiped and the personal side is untouched. An employer utilizing work profiles only has visibility and control within the work profile, the rest of the phone might as well not exist

Hell, Android even gives you the ability to restrict the Work Profiles to work hours so all the work apps go dormant after 5

[–] [email protected] 4 points 10 months ago

So with MDM, the company can essentially wipe that device remotely in the case that something like that occurs. Not that it's the best option. Still think companies should just provide the hardware. But that's the protection in that case.