Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sprint Faces Backlash For Adding MDM Software To Devices (csoonline.com)

Posted by timothy on from the but-we-thought-you-wanted-that dept.

itwbennett writes: On Wednesday, Sprint customer Johnny Kim discovered an in-store technician adding MDM software to his personal iPhone 6 without prior notice or permission. Kim took to Twitter with his complaint, sparking a heated conversation about privacy and protection. One expert who commented on the issue told CSO's Steve Ragan that 'it's possible Sprint sees the installation of MDM software as an additional security offering, or perhaps as a means to enable phone location services to the consumer.' But, as Ragan points out, 'even if that were true, it's against [Sprint's] written policy and such offerings are offered at the cost of privacy and control over the user's own devices.' (MDM here means "Mobile Device Management.")

16 of 123 comments (clear)

  1. Nice summary! by Just+Some+Guy · · Score: 5, Insightful

    Credit where it's due: adding the definition of "MDM" at the end was a nice touch for those not already in the know.

    --
    Dewey, what part of this looks like authorities should be involved?
    1. Re:Nice summary! by Sowelu · · Score: 4, Informative

      I think you've forgotten how multidisciplinary Slashdot is. Hell if I've ever seen that acronym before.

    2. Re:Nice summary! by zlives · · Score: 5, Funny

      Man in Da Middle

    3. Re:Nice summary! by mitgib · · Score: 5, Insightful

      Credit where it's due: adding the definition of "MDM" at the end was a nice touch for those not already in the know.

      Perhaps, but going the extra step to define it for this audience is like having to spell out STD in a porn workers forum.

      Isn't it proper journalism practice to define acronyms on their first use, then continue on using the acronym through the remainder of the story? Doing it at the end does make it seems as I am splitting hairs, which I am not, as long as the acronym was defined, I understand it.

      --
      Being a spelling & grammar Nazi is a sign you do not poses the intelligence to contribute to the conversation
    4. Re:Nice summary! by __aaclcg7560 · · Score: 4, Funny

      If you think Slashdot is journalism, you got issues to work out.

    5. Re:Nice summary! by Opportunist · · Score: 4, Insightful

      To be fair, it's not far from what is considered journalism today.

      I mean, the difference between copy/pasting from other places to aggregate stories isn't that far from copy/pasting press agency reports and cutting it so the ad fits on the page.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Everyone is blaming Sprint by Holi · · Score: 4, Insightful

    When Sprint has policies in place that actually forbid that action without a customer request. Isn't it more likely you have an unethical tech who is looking for future access to phones?

    --
    Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
  3. Not according to TFA by tomhath · · Score: 4, Informative

    Isn't it more likely you have an unethical tech who is looking for future access to phones?

    Reading the article (yea, I know) it seems Sprint gave him several different reasons why it was installed. None of which included rogue technician.

  4. How to tell if you may have MDM by plover · · Score: 5, Informative

    On your iPhone, go into Settings / General, select Profile, then look at the profiles that have been added. A stock iPhone has none. If you have an ISP who adds a cert that allows you to connect to their hotspots, you may see that here. If you have installed your company's MDM, perhaps a product like AirWatch, that will show up here. If you see something you don't recognize, that's when you need to do some research.

    Inside the profile you can view the certs it installed. A WiFi cert will list what it can do: be wary if it includes a proxy.

    --
    John
    1. Re: How to tell if you may have MDM by Kozar_The_Malignant · · Score: 4, Informative

      It's only visible if a profile has been installed.

      --
      Some mornings it's hardly worth chewing through the restraints to get out of bed.
  5. Re:I don't care how Sprint "sees it" by Holi · · Score: 3, Interesting

    Which is their stated policy. Personally I see this as some dissatisfied tech who planned on trying to access the phones later for pics and credit card numbers.

    --
    Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
  6. Re:I don't care how Sprint "sees it" by __aaclcg7560 · · Score: 3, Funny

    I had a job interview at a multi-billion-dollar company a few years ago. The IT department wasn't allowed to license anti-virus or anti-spyware utilities because the software companies weren't in the multi-billion-dollar league, as any purchase from a smaller company would be seen as an "endorsement" by the larger company. (The hiring manager made it sound like the Prime Directive from Star Trek.) The IT techs spent all their time manually removing spyware and viruses from laptops. Unless the laptop got hosed, they weren't allowed to reimage the laptop. I turned down the job offer.

  7. Re:I don't care how Sprint "sees it" by Darinbob · · Score: 3, Insightful

    If it's Sprint's phone, then Sprint should be the one paying for it.

  8. Re:I don't care how Sprint "sees it" by CanadianMacFan · · Score: 4, Insightful

    If the phone is part of a contract you are paying for the phone over a number of installments. Paying for a car by using a loan doesn't make it bank's.

    The provider's terms don't make the phone theirs either. Just like signing up to an ISP doesn't make your computer belong to that ISP or by getting a license for your car doesn't make it belong to the government.

  9. Who Says It's A Sprint-Owned Domain? by Dredd13 · · Score: 4, Interesting

    I'm going to go ahead and throw up a red flag. I don't think this is a Sprint owned domain. I think it's meant to LOOK like one, but I don't think it IS one.

    $ dig +short sprint.net ns
    ns1-auth.sprintlink.net.
    ns2-auth.sprintlink.net.
    ns3-auth.sprintlink.net.
    $ dig +short sprint.com ns
    reston-ns1.telemail.net.
    ns2-auth.sprintlink.net.
    reston-ns3.telemail.net.
    reston-ns2.telemail.net.
    ns1-auth.sprintlink.net.
    ns3-auth.sprintlink.net.

    The places Sprint hosts their "well-known" domains looks remarkably like it's a legitimate place. "wabaw.net", however?

    $ dig +short wabaw.net ns
    ns6.domainmonger.com.
    ns5.domainmonger.com.
    ns7.domainmonger.com.
    ns8.domainmonger.com.

    I'm going to propose a theory that the WHOIS data shows Sprint so that - if someone gets caught and folks go looking for someone to vilify, Sprint is the unwitting victim. But - in reality - it's sitting in some domain-registration that nobody official at Sprint has ever heard of, and someone's been building a network of phones that they control via MDM.

  10. Slashdot != Journalism by sjbe · · Score: 4, Informative

    Isn't it proper journalism practice to define acronyms on their first use, then continue on using the acronym through the remainder of the story?

    Slashdot isn't journalism. Slashdot is a debate forum that is kinda sorta vaguely topical. Nobody comes to slashdot for breaking news. They come to debate things and occasionally be informed with a viewpoint they might not have considered previously.