Employer Administrators and Smartphones



BrknFngrs
08-07-2014, 08:43 AM
Figured someone on here would likely have some first hand experience with the topic.

My employer is migrating all of our staff off of Blackberrys and onto our choice of iPhones and Androids. I'll be going with an iPhone as I prefer the interface but I'm curious about what kind of access the company administrators in IT have to information sent to/from the device.

As with most devices I'm sure they can access all emails sent/received through my company account, wipe the device remotely, etc; but what about data sent through text messages, iMessage, personal email account information, app information, etc? Available to the IT group?

DeleriousZ
08-07-2014, 08:47 AM
aka are they going to bust you for sexting?

dirtsniffer
08-07-2014, 08:59 AM
Originally posted by BrknFngrs
Figured someone on here would likely have some first hand experience with the topic.

My employer is migrating all of our staff off of Blackberrys and onto our choice of iPhones and Androids. I'll be going with an iPhone as I prefer the interface but I'm curious about what kind of access the company administrators in IT have to information sent to/from the device.

As with most devices I'm sure they can access all emails sent/received through my company account, wipe the device remotely, etc; but what about data sent through text messages, iMessage, personal email account information, app information, etc? Available to the IT group?

you should be more worried about their ability to remotely activate GPS so they can see your location...

Seriously, I wouldn't worry about it.

BrknFngrs
08-07-2014, 09:03 AM
Originally posted by DeleriousZ
aka are they going to bust you for sexting?

These are the kind of things a guy has to know :poosie:

More so though; we just had an IT guy get canned for reading emails that he shouldn't have been (non-public information only select groups were privy to).

Got me wondering what all IT can actually access and for the record I keep a personal phone as well as my company phone to ensure privacy.

nzwasp
08-07-2014, 09:07 AM
They probably had more access to all your stuff on BlackBerry through the BES server. I guess it depends what they use, if you are using "Good for enterprise" I think that just allows you to connect via VPN portal to see your mail, contacts, calendar. My company uses some sort of SaaS program that allows them to see everything on my phone, enforce password policies etc. I try and keep my phone pretty clean, don't go to dodgy sites, don't sext or take naughty pics of the wife. I do play CoC and some other games on it and I don't care if they see that stuff.

pheoxs
08-07-2014, 09:18 AM
It depends on how they set up the iPhones. Our work iPhones have a profile downloaded that controls the security settings and allows the remote administrators to remotely add/delete programs and push through updates.

Whether that includes reading texts and emails no idea but I don't really care. I don't do anything bad but I do use my work phone as my personal cell (our plan is unlimited North America calling, unlimited international text, and 6gb of data) so it doesn't cost them anything for me to use it

rage2
08-07-2014, 09:21 AM
I can speak from an iPhone perspective. First off, emails are stored/transmitted through the company's servers, so anyone with access to the servers can tap in and see what's going on. Doesn't matter what device you use, it's open for snooping.

Texting and iMessage on the iPhone is stored locally. We'll get back to that in a second.

For transmission, texts are sent/received through the carrier, so like emails, the carrier theoretically can go through all your texts. I don't think a company can call Telus and say "hey get me the history of the texts for so and so number that I own" without a court order (I could be wrong here). But that's something to think about if you're worried.

For iMessage (iPhone to iPhone texting in blue), they're encrypted and sent to Apple's servers. The encryption keys vary based on who, or which group you are messaging with, and are managed by Apple's servers. Theoretically, since Apple manages all these encryption keys, they can snoop, but good luck with that.

Back to local storage of texts and iMessages. When you set a password on the phone, you generate a unique encryption key that's stored locally on the phone. All your data is encrypted using this key. Even if the employer takes the phone back or secretly borrows it when you're passed out with a hooker, they won't be able to snoop on the messages unless they have your password.

When it comes to backups (where one could restore your backup and see everything), it's all sent encrypted and stored encrypted on Apple's servers through iCloud. It's all managed by your iTunes account, so if that's safe, you're safe.

Local backups via iTunes, you have an option that you need to explicitly set (it's off by default) to enable encrypted backups. This is in case they take your laptop, and restore your backup to snoop on your crap.

TL;DR - your texts are safe as long as you have a passcode set, don't give out your passcode, don't give out your iTunes password, and encrypt backups if using iTunes to backup.

rage2
08-07-2014, 09:23 AM
Originally posted by pheoxs
It depends on how they set up the iPhones. Our work iPhones have a profile downloaded that controls the security settings and allows the remote administrators to remotely add/delete programs and push through updates.

Whether that includes reading texts and emails no idea but I don't really care. I don't do anything bad but I do use my work phone as my personal cell (our plan is unlimited North America calling, unlimited international text, and 6gb of data) so it doesn't cost them anything for me to use it
Yes companies can send down settings, certificates and even apps, but none of the apps can access your email or messaging data (the API for that doesn't exist today). Things that can be accessed are contact lists, photos, etc, but it requires your permission to access that you have to grant, and can easily revoke in your settings. There is no security profile that can be sent down to bypass the permissions on items that can be accessed by a 3rd party app, or hide the fact that it can access it.

This is of course unless your company uses jailbroken iOS, in which case the IT department should be fired. :)

pheoxs
08-07-2014, 09:28 AM
Originally posted by rage2
I can speak from an iPhone perspective. First off, emails are stored/transmitted through the company's servers, so anyone with access to the servers can tap in and see what's going on. Doesn't matter what device you use, it's open for snooping.

Texting and iMessage on the iPhone is stored locally. We'll get back to that in a second.

For transmission, texts are sent/received through the carrier, so like emails, the carrier theoretically can go through all your texts. I don't think a company can call Telus and say "hey get me the history of the texts for so and so number that I own" without a court order (I could be wrong here). But that's something to think about if you're worried.

For iMessage (iPhone to iPhone texting in blue), they're encrypted and sent to Apple's servers. The encryption keys vary based on who, or which group you are messaging with, and are managed by Apple's servers. Theoretically, since Apple manages all these encryption keys, they can snoop, but good luck with that.

Back to local storage of texts and iMessages. When you set a password on the phone, you generate a unique encryption key that's stored locally on the phone. All your data is encrypted using this key. Even if the employer takes the phone back or secretly borrows it when you're passed out with a hooker, they won't be able to snoop on the messages unless they have your password.

When it comes to backups (where one could restore your backup and see everything), it's all sent encrypted and stored encrypted on Apple's servers through iCloud. It's all managed by your iTunes account, so if that's safe, you're safe.

Local backups via iTunes, you have an option that you need to explicitly set (it's off by default) to enable encrypted backups. This is in case they take your laptop, and restore your backup to snoop on your crap.

TL;DR - your texts are safe as long as you have a passcode set, don't give out your passcode, don't give out your iTunes password, and encrypt backups if using iTunes to backup.

I don't think that is true for our phones as they can remotely remove the passcode... Here are the permissions for our iPhone profile on our phones.

http://i.imgur.com/d7XbETF.jpg

rage2
08-07-2014, 09:59 AM
Originally posted by pheoxs
I don't think that is true for our phones as they can remotely remove the passcode... Here are the permissions for our iPhone profile on our phones.
Hrm, you're right, MDM does allow remote passcode removal now. I guess it's used for if an employee forgot their passcode, and requires a new passcode to be created within 60 minutes. Reverts back to the original passcode if no action is taken within 60 minutes.

In this case, before you hand the phone back, Settings, Erase All Contents and Settings. This will wipe your encryption keys off the phone and keep all the data encrypted and useless. I'll have to remember that if I ever get fired. :rofl:

pheoxs
08-07-2014, 10:02 AM
Originally posted by rage2

Hrm, you're right, MDM does allow remote passcode removal now. I guess it's used for if an employee forgot their passcode, and requires a new passcode to be created within 60 minutes. Reverts back to the original passcode if no action is taken within 60 minutes.

In this case, before you hand the phone back, Settings, Erase All Contents and Settings. This will wipe your encryption keys off the phone and keep all the data encrypted and useless.

Yeah for sure, only issue I could see if I was laid off / fired and they remotely lock it so I can't get on and erase the phone before giving it back.

rage2
08-07-2014, 10:08 AM
Originally posted by pheoxs
Yeah for sure, only issue I could see if I was laid off / fired and they remotely lock it so I can't get on and erase the phone before giving it back.
Jeeze MDM is much more advanced than when I first looked at it when I ran IT. You can remote lock, and set a new password remotely too, locking you out completely.

But yea, as long as you have the device in hand, you can still wipe it out completely using a DFU restore.

I think the OP only cares about in transit messages, we're going a bit further than that. But it's good to know what the company can do if they want to take your phone back.

pheoxs
08-07-2014, 10:15 AM
Originally posted by rage2

Jeeze MDM is much more advanced than when I first looked at it when I ran IT. You can remote lock, and set a new password remotely too, locking you out completely.

But yea, as long as you have the device in hand, you can still wipe it out completely using a DFU restore.

I think the OP only cares about in transit messages, we're going a bit further than that. But it's good to know what the company can do if they want to take your phone back.

Ah, I'd forgotten about that thanks!

BrknFngrs
08-07-2014, 10:21 AM
Thanks guys; exactly what I was looking for. Always nice to know what's happening in the background with the IT side. I'd never heard of MDM until this thread so that gave me a good source to read up on what's available to the IT guys and what isn't as well.

HiTempguy1
08-07-2014, 10:41 AM
Originally posted by pheoxs


Yeah for sure, only issue I could see if I was laid off / fired and they remotely lock it so I can't get on and erase the phone before giving it back.

http://4.bp.blogspot.com/-SINKqhYkoCc/UGrrVFptfzI/AAAAAAAAJR4/f59-8AbM8dg/s1600/Capture.PNG

Come on guys, get a bit creative here. If you got fired/laid off from the company, do you really care about smashing their phone? Or you "lost" it? :rofl:

sputnik
08-07-2014, 11:46 AM
Originally posted by HiTempguy1
Come on guys, get a bit creative here. If you got fired/laid off from the company, do you really care about smashing their phone? Or you "lost" it? :rofl:

Some companies will hold your last paycheque until they get back any property (phones, laptops etc.) they assigned to you.

HiTempguy1
08-07-2014, 02:11 PM
Originally posted by sputnik


Some companies will hold your last paycheque until they get back any property (phones, laptops etc.) they assigned to you.

As far as I am aware, that is illegal. An employee must be paid their compensation, no ifs/ands/or buts. Just like a company can't withhold compensation if you damage equipment/property.

Like I said, "it got lost". They try to access it, they will lock it/kill the phone, the end.

I'm just saying is all. I have (had) a company phone. Now they pay me an allowance for my personal phone. :dunno:

The_Penguin
08-07-2014, 02:34 PM
We had an employee leave his company-issued laptop at his cabin. 6 months of "go get it" requests were ignored. Then he quit, and we withheld the cost of his notebook from his final cheque.

HiTempguy1
08-07-2014, 03:23 PM
Originally posted by The_Penguin
We had an employee leave his company-issued laptop at his cabin. 6 months of "go get it" requests were ignored. Then he quit, and we withheld the cost of his notebook from his final cheque.

Just because you can, doesn't mean it is legal. There is a large difference.

http://carl-wais.com/blog/?p=481

Ontario law, but it's pretty standard across Canada.