Don’t pay attention to this Joelle person, she has no idea what she’s talking about (Or does and is spreading misinformation intentionally)
You literally can’t “just install an MDM” to your phone in the way that allows a company complete access to your device. Both iOS and Android require that either the device is new or the device is factory reset. Then and only then can the device have MDM enabled as a “Company Owned Device” e.g. complete access.
The other way, is through “Work Profiles”, it’s an isolated and sandboxed partition. The “Work side” has no access to anything on the personal side and the personal side has no access to anything on the work side. On Android the work side has its own Play Store, its own Chrome, its own apps. (In fact, if you’re rooted you can hijack work profiles for yourself if you want to install apps you’d rather keep isolated, like TikTok).
If I issue a wipe command to a phone with a work profile, only the work profile gets wiped and the personal side is untouched.
Hell, Android even gives you the ability to restrict the Work Profiles to work hours so all the work apps go dormant after 5
There’s also the option for MAM apps as well which I quite like as light touch management option for ios and android. Essentially limits control to select apps and even then just the company data in those apps.
We’re required to use a MFA app, but it has minimal access to the system. It literally just prompts for an “Is this you?” with a fallback to codes if the network connection goes down.
I also have Teams and Slack installed for team communication, but that’s optional and also has minimal access. Teams has an login helper thing installed as well, and I’m not really sure what it does, but it didn’t require any special permissions.
I suppose I could refuse, but that would just be a pain for everyone since I’d either need to use someone else’s device or they’d need to get one just for me. Seems kinda silly imo.
My last company wanted my phone to be connected to the Google Apps thing, but it allowed my boss to remote wipe, so I refused. It wasn’t required, and most people said no, but it was a thing they recommended fairly strongly.
So curious, did your job listing mention you needed to own a smartphone as a requirement? Feels like they are probably riding a line where this is made to “feel” required, but legally they are careful of their wording or they may have some issues with your local labor board.
No, but I’m in a technical role where pretty much everyone has one anyway. Our company culture is such that they’d find a workaround (e.g. provide a phone if needed).
My last role required a smartphone, and we got ~$50/month on our paycheck to pay for it. My current job doesn’t “require” anything, it’s just strongly recommended.
I think in that scenario, you could separately open an account with a cheap provider that includes a free, cheap phone and dedicate its use to only work. So yes, pain in the ass worth extra steps, but not a requirement to use your own phone.
I think it’s garage regardless, if they need you to have a phone, they should fully provide, but just pointing out that it’s legal fuckery on their part as it’s meant to confuse/scare people into thinking they don’t have a choice.
I worked in a place that required this, it was basically a time clock app, but it detected automatically if your phone supported work mode which allowed it to be basically sandboxed in it’s own virtual space., I’ve also run into school apps that do this
No we were contract workers, we traveled to different job sites so our clock in also had to be mobile. I mean you COULD do a clock in sheet if you downloaded it from the depths of their website and then filled it out and mailed it in weekly by snail mail buuuut
Which companies are requiring that employees install apps on personal devices? Feels like it should be illegal coercion if true.
Don’t pay attention to this Joelle person, she has no idea what she’s talking about (Or does and is spreading misinformation intentionally)
You literally can’t “just install an MDM” to your phone in the way that allows a company complete access to your device. Both iOS and Android require that either the device is new or the device is factory reset. Then and only then can the device have MDM enabled as a “Company Owned Device” e.g. complete access.
The other way, is through “Work Profiles”, it’s an isolated and sandboxed partition. The “Work side” has no access to anything on the personal side and the personal side has no access to anything on the work side. On Android the work side has its own Play Store, its own Chrome, its own apps. (In fact, if you’re rooted you can hijack work profiles for yourself if you want to install apps you’d rather keep isolated, like TikTok).
If I issue a wipe command to a phone with a work profile, only the work profile gets wiped and the personal side is untouched.
Hell, Android even gives you the ability to restrict the Work Profiles to work hours so all the work apps go dormant after 5
You can use Shelter to enable this functionality without root.
https://f-droid.org/packages/net.typeblog.shelter/
Even if she is factually wrong about everything isn’t it a good idea to get people to think more about what they put on their phones?
Yes, but not with lies.
Thank you for summing this up. Such a dumb post.
Exactly.
These services are containerised on personal devices so that its services can only be administered within the app container.
It has limited to no control over the phone itself or apps outside of its MDM container in the context of personal devices.
deleted by creator
There’s also the option for MAM apps as well which I quite like as light touch management option for ios and android. Essentially limits control to select apps and even then just the company data in those apps.
How do you schedule your work profile? I searched my settings for work profile related settings and don’t see anything like that. Pixel 7A
Here you go: https://support.google.com/work/android/answer/7029561?hl=en
This is nice thanks
We’re required to use a MFA app, but it has minimal access to the system. It literally just prompts for an “Is this you?” with a fallback to codes if the network connection goes down.
I also have Teams and Slack installed for team communication, but that’s optional and also has minimal access. Teams has an login helper thing installed as well, and I’m not really sure what it does, but it didn’t require any special permissions.
I suppose I could refuse, but that would just be a pain for everyone since I’d either need to use someone else’s device or they’d need to get one just for me. Seems kinda silly imo.
My last company wanted my phone to be connected to the Google Apps thing, but it allowed my boss to remote wipe, so I refused. It wasn’t required, and most people said no, but it was a thing they recommended fairly strongly.
So curious, did your job listing mention you needed to own a smartphone as a requirement? Feels like they are probably riding a line where this is made to “feel” required, but legally they are careful of their wording or they may have some issues with your local labor board.
No, but I’m in a technical role where pretty much everyone has one anyway. Our company culture is such that they’d find a workaround (e.g. provide a phone if needed).
My last role required a smartphone, and we got ~$50/month on our paycheck to pay for it. My current job doesn’t “require” anything, it’s just strongly recommended.
I think in that scenario, you could separately open an account with a cheap provider that includes a free, cheap phone and dedicate its use to only work. So yes, pain in the ass worth extra steps, but not a requirement to use your own phone.
I think it’s garage regardless, if they need you to have a phone, they should fully provide, but just pointing out that it’s legal fuckery on their part as it’s meant to confuse/scare people into thinking they don’t have a choice.
I worked in a place that required this, it was basically a time clock app, but it detected automatically if your phone supported work mode which allowed it to be basically sandboxed in it’s own virtual space., I’ve also run into school apps that do this
But there was no alternative clock in option if you refused or didn’t have a phone?
No we were contract workers, we traveled to different job sites so our clock in also had to be mobile. I mean you COULD do a clock in sheet if you downloaded it from the depths of their website and then filled it out and mailed it in weekly by snail mail buuuut