iOS 9.3 Will Tell You If Your Employer Is Monitoring Your iPhone

An anonymous reader writes: Nobody likes being monitored. But even if you suspected your company is following your activities on the iPhone, would you know where to check? In the next iteration of its smartphone operating system, iOS 9.3, Apple is looking to make this an easier task. According to Reddit user MaGNeTiX, the latest beta of iOS 9.3 has a message telling users their iPhone is being supervised. The message is as prominent as can be, both on the device's lock screen and in the About section. "This iPhone is managed by your organization," the message on the lock screen says. And in the About screen, you get a little more detail, with a message saying your iPhone's supervisor can monitor your Internet traffic and locate your device.

You should already assume this

[JeffOwl]

My employer already has a notice on the lock screen about monitoring, but even if they didn't, anyone who has a device managed by their employer should assume it is being monitored unless proven otherwise.

Re:You should already assume this

[GlasgowKiddie]

I use my own laptop at work fortunately

Re:You should already assume this

[Creepy]

Mine does too, but they don't monitor everything. I know they don't listen in on calls, for instance. They do know everything you install on the device, though.

Re:You should already assume this

[unixisc]

Absolutely!!! This one is a 'Duh'!!!

Bottom line is - Who bought that iPhone? If it's you, then yeah, your employer has no business touching your phone w/o your consent. But if it's THEM - like it was for Syed Farook, then not only do they have all rights, but YOU should NOT be using it for non-work purposes.

Want a phone where you can plot Jihad and shooting up your entire workplace? Then get your OWN DAMN iPhone: don't use your employer's equipment to do it!

Re:You should already assume this

If you are attached to the corporate network, your activities are monitored. When you are on the property you are subject to all terms of employment and appropriate behavior and subject to appropriate punishment if violated.

Re:You should already assume this

[tlhIngan]

Bottom line is - Who bought that iPhone? If it's you, then yeah, your employer has no business touching your phone w/o your consent. But if it's THEM - like it was for Syed Farook, then not only do they have all rights, but YOU should NOT be using it for non-work purposes.

It's not so simple though.

Yes, if it's the employer's phone, it'll be monitored.

But remember, a lot of people are in the whole "BYOD" (bring your own device) thing where they may not even realize this is happening. So yes, the employees are consenting, but they may not realize just the extent of the consent they've given.

it's a very tricky topic since when you leave, they could remote-wipe your phone

Re:You should already assume this

[ripvlan]

Yeah - I don't understand this feature. not a terrifically detailed article.

Company provides cell phone. Company tracks device.

For BYOD - it would be useful to know WHAT the company is tracking. My employer allows BYOD with the installation of an App - and other than "we reserve the right to wipe device to protect company IP" - not much more is said regarding what the app does.

In the office they've installed a super SSL certificate that offers an "obsolete cipher suite" - so that they can view all content that originates in the office. Fair enough. But will they also do this for BYOD?

Re:You should already assume this

[kheldan]

If you are required to have a work phone then you should never, never, ever use it for your personal business. I certainly hope I don't have to tell any of you that!

Re:You should already assume this

[smartr]

Because paranoia, paranoia, paranoia? I mean shit, we are all capable of carrying 10 different devices for 50 different purposes, or you know - a single general purpose computer that maybe shouldn't be monitoring people off active work duty. Is the phone supposed to be part of some sort of ultra secure secret network? Why did it leave the ultra secure secret building? Does it actually make sense from a non corporate brown nosing perspective to actually monitor your employees whilst they take a shit? Secure the device, yes. Secure your own network, yes. But seriously, do employees need to bury their work devices under a rock while they have sex and have bowel movements? Does it really matter if, god forbid, on their own time, home, and network use a general purpose computer they don't own for the purpose of whatever?

Re:You should already assume this

[BarbaraHudson]

I agree. More people need to go "You want to install WHAT on MY phone? Get bent!"

Re:You should already assume this

[BarbaraHudson]

And since it's their phone, leave it at work when you leave. After all, it's their phone. Let them track it - all they'll find out is that you must have worked all weekend.

Re:You should already assume this

[kheldan]

..I'm not at all sure if you're agreeing with what I'm saying or not.

Do you mind if I ask you a question? Whether you think they do it or not: theoretically would it bother you if, assuming you used a company-owned device (smartphone, laptop, etc) at home, on your network and in your non-paid off-work time, for very, very personal things (watching porn, sexy chat with your girlfriend or wife, etc)? Or even for non-potentially-objectionable personal things (paying bills, making purchases, watching shows, etc)? Even for making plain old phone calls on a company-owned smartphone; do you want your employer knowing all the people you make personal phone calls to? What about if it has GPS? Are you OK with your employer knowing where you go in your off-hours, or would that bug you?

I ask you all this because in my experience many people really don't go too deep into these subjects, and very often when you make them think about it, they get rather uncomfortable.

Re:You should already assume this

[Sax+Russell+5449D29A]

That's rather creepy. In most civilized countries employers can not spy on employees because privacy is both a basic and constitutional right, protected "even" at work. Listening, for example. calls in most situations would be outright criminal, let alone reading emails sent by the employee without explicit written consent.

Re:You should already assume this

[smartr]

Yes, it bothers me if a company tracks these things. I think there's a certain degree of, if you leave what you're doing out in the open, you should be putting some effort forth to do some things privately. But to the extent of what should matter to a company should be that they can secure their company information and their hardware. I have both a company laptop and phone. Once upon a time I was actively using an iPod touch, a work smart phone, a personal smart phone, a work Mac Pro, a home laptop, a work windows desktop, a home windows desktop, a landline, a work landline, google voice, and a mac mini (and I'm not even counting my wife's devices or various server farms). You should try going through an airport with a load of these. Fuck that shit, they're not tracking me on most things (much less actively), and I'm not running a separate business on their hardware. I'm not going to steal their property. I'd be wondering what my coworkers were doing, tracking my personal movements, and I don't know what business I would have basically stalking my coworkers. In an emergency, it would actually be nice for my employer to track down my location. Phone companies log calls automatically (and give that information to your employer AND THE GOVERNMENT), and there's the "find my phone" when it gets lost. Never mind that conceptually, as a company, you don't really get to call things "ok for not business purposes too" without the potential for it to turn into some sort of Kafkaesque IRS nightmare. I have seen employers that basically want to GPS track their hourly employees though. That would be the time to form a union. I heard that a person lost their job for installing a pornhub app on their phone in the USA after Apple fucked up the data usage. I'd say the employer, Apple, and the phone company were being shitty. At the same time, there's also such a thing as https and privacy mode...

Re:You should already assume this

[pnutjam]

Most of those can be controlled a the device level.
Logging of network traffic?
keep it on your wifi or use a personal vpn.

phone calls, texts, are so insecure it's laughable, who cares if their watching those. The data is out there, but rarely analyzed.

Um, Duh?

[GrooveNeedle]

I mean, I like it when information is clearly communicated, but isn't it kind of a no-brainer that when your employer provides you with a phone that they are going to monitor its usage? Even if they don't, it should be the default assumption of the user that they do. Same thing with any desktop/laptop and internet connection they provide.

All this does is point out the obvious.

Now, if they had a message that told me my Service Provider was in some way monitoring my privately purchased/owned personal phone, that would be fantastic!

can they get in to your phone with out your pin?

[Joe_Dragon]

can they get in to your phone with out your pin?

You should but how many will?

[SuperKendall]

Sure it's obvious to technical people like us that a company issued phone is going to be monitored and administered remotely.

But how many non-technical people would know enough to assume that? It's for those people the prominent message can help them think twice before doing something with the company device they may regret later,

If you think about it, it's even helpful for technical people - because as you say, a technical user would assume a company phone would be monitored and controlled. So if you do NOT see this message on a company device you can ask your IT staff why the hell they are not using MDM to control the devices.

Re:You should but how many will?

[unixisc]

Why does one have to be technical in order to figure out that what s/he does on a company issued phone can be monitored by the employer? This much should be common sense, shouldn't it?

Re:You should but how many will?

[SirSlud]

If people had common sense, they wouldn't keep assuming things are common sense.

Re:You should but how many will?

[mccrew]

... on a company issued phone ...

Not just company issued phone. If you set up your personal device to check work mail, then it becomes subject to company policies, and is subject to monitoring and vulnerable to remote wipe. And the remote wipe clears the whole enchilada - your personal mail, your photos, your texts, everything - regardless whether it was corporate data or not. That part is not really obvious, and more people would care if they understood the full implications of checking work e-mail on their personal device.

Re:You should but how many will?

[SeaFox]

This much should be common sense, shouldn't it?

"Common sense" is another phrase for "knowledge it's assumed everyone has".
You're overestimating the intelligence of people -- even those in jobs posh enough where the company gives you a cell phone.

Re:You should but how many will?

[unixisc]

This one I agree w/ you.

I have 2 phones. One purely for personal use, another purely for work use (not issued by any employer, so b/w jobs, I keep using it for job searches & the like). My family doesn't know the number of the latter. My colleagues don't know the number of the first.

If any employer needed me to BYOD, I'd take the latter and let them do what they wanted w/ it. My personal photos & stuff wouldn't live there. That way, I leave one phone at risk, while playing merrily w/ the other. I have reset this several times, and will.

Re:You should but how many will?

[Frosty+Piss]

But how many non-technical people would know enough to assume that?

All people who are not complete morons understand that your work-issued phone could be monitored. There is a certain "snob appeal" to saying "well, not everyone is technical", but the reality is that this isn't really valid. Everyone with even just several brain cells know a work phone is not for surfing porn or "whatever".

This is a non-issue except for people that want to make issues were there are none.

Re:You should but how many will?

[NormalVisual]

I had a bit of a row with management a couple of years back over this. They wanted me to install Outlook on my personal phone, and I refused because of the remote management capabilities. I don't care who you are, it's not your phone and I'm not going to give you the ability to remote wipe it, monitor me, have access to passwords, etc. If it's important enough that I need to be able to be contacted via cell phone, then give me a company phone expressly for that purpose and don't be surprised if it gets left at home when I go out.

Re:You should but how many will?

[SuperKendall]

If you are given company pencil or pad of paper would you assume it is monitored? How is a tablet substantially different to a truly non-technical user, like a salesperson or secretary?

The point is some people truly have no idea what is possible, and/or are very naive.

Re:You should but how many will?

Why would any employer *need* you to BYOD, rather than merely accept that you're doing so? And if that's a legitimate need, why on earth would you agree to let them do what they wanted with it? My employer either accepts my usage of my device unmolested, or provides one to be molested at corporate whim.

Re:You should but how many will?

[vel-ex-tech]

You're completely out of touch.

Re:You should but how many will?

[Penguinisto]

Actually, it depends.

In my case, I get company email on my personal phone. I know for fact that they do not monitor anything on it (though they do have the ability to wipe the email off it, and require a PIN). I'm pretty sure they could have cranked up AirWatch (urgh) and gone all Big Brother on it, but in my own experience, most companies don't.

Usually, it's (ironically) cheaper in time, headaches, and in some cases even money, for the company to issue you, say, a Blackberry or similar cheap mid-range phone, and control the whole thing (especially when it comes to related legal issues outside of the US). Worked for a lot of corps where they issue you a phone, and you did absolutely *no* personal business/calls/etc on it, for any reason.

Re:You should but how many will?

[UnknowingFool]

But how many non-technical people would know enough to assume that? It's for those people the prominent message can help them think twice before doing something with the company device they may regret later,

Um, when you are at work, you can't do what you can at home . . . like nap in the middle of the day, wear pajamas, watch porn, whatever. This should be obvious to anyone much less those that are technical.

Re:You should but how many will?

[castionsosa]

Exchange/ActiveSync can be configured to have various policies be placed on one's device before it allows the device to download/sync mail.

One way to get around this is to use the Outlook app, or on Android, one of the other Exchange programs like Nine, Touchdown, RoadSync, or others, where if the organization decides to wipe the phone, just the app's data gets erased, not your entire device.

There used to be a company called Divide which made a decent product that was good at separating work stuff from one's usual items on a phone, but that disappeared into Google a few years ago. Ideally, it would be nice for virtualization to hit phones, so the work stuff can sit in a VM, well away from malware and other items that might get on a BYOD item.

Re:You should but how many will?

[BarbaraHudson]

"Hey boss, since we're communicating by email, I need your PIN so that I can wipe it "just in case." Just because you receive company email on your personal phone is no reason to give them the pin to your phone, any more than if anyone else sent you an email. If they don't like it, let them supply you with a company phone.

I don't know about you, but my phone comes with a data plan - I don't need to use an employers wifi, so that's another reason to tell them to put it where the sun don't shine.

And if it's important enough to bother me after hours, it's important enough to MAKE A CALL! Anything else can wait.

Re:You should but how many will?

[BarbaraHudson]

Either that, or someone with a power complex. Interestingly enough, an employer monitoring you off-hours without your specific consent is probably illegal. Now that more people will know, there may be more push-back as they start asking "WTF is this?"

Re:You should but how many will?

[youngone]

I had a bit of a row with management a couple of years back over this...

I'm the IT guy setting the company phones up for various staff. One of the managers decided he had a staff member who didn't quite warrant a phone, but needed to have access to email 24/7 (for some reason).

When the staff member told me to fsk off, and leave his personal phone alone I didn't press it. And yes, I explained webmail to the manager.

Re:You should but how many will?

[Dynedain]

A. Non-company issued phones may be monitored in some ways depending on how Exchange or other apps are configured
B. Company-issued phones may NOT be monitored, depending on how the company has set things up.

If my employer hands me a fresh boxed iPhone and says "have fun, here's the mail server settings", then there's a good chance my phone itself isn't being monitored.

My company doesn't use MDM and gives us fresh phones. Out of the box they are usable, and not monitored. However, we cannot setup mail/calendar/etc ourselves; we have to install a 3rd party app (MobileIron) which configures our account setup "securely". I have no idea whether MobileIron installs any kind of monitoring. I would suspect it does, but I have no visibility into what it is or is not monitoring, IT verbally told us when they handed them out: "We can see what apps you have installed, but none of your data, and none of your text messages, phone logs, etc".... For all I know, that's changed and I wouldn't receive any notification from MobileIron or IT about the change.

Of course I assume that the company may monitor and/or take away my phone at any time. So I keep things strictly segregated with my personal device (not having a unified calendar for personal and company schedules really sucks). But I am a power-user. The average employee will think "free iPhone paid for by work, sweet!" and proceed to load it up with everything personal they want to do and not hassle with multiple devices.

That makes the cynic in me think this is a ploy for Apple to get additional sales out of people who'd want 2 devices if reminded that their employer is watching.

Re:You should but how many will?

[pnutjam]

yeah, but all that personal stuff is backed up with rsync, right? Oh wait, you said IOS, not Android.

Re:You should but how many will?

[illtud]

Not just company issued phone. If you set up your personal device to check work mail, then it becomes subject to company policies, and is subject to monitoring and vulnerable to remote wipe.

Wow, I never knew K9 mail was so advanced!

Re:can they get in to your phone with out your pin

[b0bby]

No. This is for employer provided/managed phones.

Re:can they get in to your phone with out your pin

[Joe_Dragon]

so with an employer provided/managed phones you set you own pin switch to a new job and they are now SOL to get any info off of it.

Re:What?

[MobileTatsu-NJG]

Why would someone let your employer monitor YOUR iphone? I could see if they supplied it but not if it is mine.

Here ya go.

While it's not clear whether the message shows up for all types of monitoring, it's there for supervised devices set up through Apple's Device Enrollment Program, which is a way for companies to easily deploy a large number of corporate-owned Mac or iOS devices to employees.

Re:can they get in to your phone with out your pin

[Diss+Champ]

Yes, your employer can get into your issued phone if they set it up correctly.

This is one reason why the current well publicized FBI/Apple court order debate is stupid- if the government hadn't screwed up, they wouldn't need Apple's help to get into the phone they had issued. Given that the government screws up something simple like this, why should we believe they won't screw up at safeguarding the special software they want.

Even better

[PPH]

Include an alert if your phone has negotiated an unencrypted connection with the nearest "cell tower" (aka Stingray). Like my Motorola Razr v3 does.

Re:Even better

[ShaunC]

Is that a feature of the phone, or are you using an app to detect that? I played with AIMSICD for awhile, but I'm not sure it did anything other than drain the battery.

Re:Even better

[Mryll]

He might have been saying that the phone will negotiate the connection rather than warn about it

Re:Even better

[PPH]

It's a feature of the phone. There is an icon on the screen which displays the status of the link encryption. Since one mode of IMSI catcher operation is to negotiate an unsecured connection with a phone, it's an indication that you might not be talking to a legit cell phone tower.

How about tell us WHEN

[shaitand]

Instead of advising us our phones are monitored, which we already know, the device informs us when anyone actively uses these functions, especially remote access to the cam/mic. Locate notification should be an option but in practice many organizations would simply have automatic logging of this data and it would trigger every few minutes.

Re:How about tell us WHEN

[Solandri]

Instead of advising us our phones are monitored

Small flaw in your argument. If "your" phone is being monitored, it's not really your phone. It belongs to someone else, they are lending it to you, and it's their right to know what you're doing with their stuff. If you ask for features which the phone owner objects to, Apple is going to listen to the guy paying them for the phone, not the guy using the phone for free.

If you're that worried about other people monitoring your phone use, buy your own phone. If work requires you to carry their phone around 24/7 and you're worried about cam/mic/GPS tracking, just give them your personal phone number and turn your work phone off. Tell them if they need to contact you, to text you at your personal number, and you'll turn the work phone on long enough to communicate with them.

Re:How about tell us WHEN

[shaitand]

"Small flaw in your argument. If "your" phone is being monitored, it's not really your phone. It belongs to someone else, they are lending it to you, and it's their right to know what you're doing with their stuff."

First, no matter who owns the phone I have an expectation of privacy unless I'm at work. Second, you can bring your own device. Third, notifying me that they are monitoring does not prevent them from doing so, negating any relevance to whether or not they are entitled to do so.

"If work requires you to carry their phone around 24/7 and you're worried about cam/mic/GPS tracking, just give them your personal phone number and turn your work phone off. Tell them if they need to contact you, to text you at your personal number, and you'll turn the work phone on long enough to communicate with them."

That isn't a realistic option if someone doesn't care to be contacted on their personal number at inappropriate times such as on a personal day, a family emergency, or vacation. People at work tend to have a sense of urgency with regard to business and forget that you are only paid to pretend you share that feeling during a brief window of time. This is similar to how businesses pay me to pretend my direct report is my superior, in a limited set circumstances on a limited set of topics. In reality I have no superiors. A business has to pay people to listen to them much like some have to pay a prostitute to pretend they like them but paying someone to pretend you have authority or are liked does not make it actually true.

Re:How about tell us WHEN

[pnutjam]

How could you trust that's what it really does?

Re:can they get in to your phone with out your pin

[waspleg]

No. https://www.apple.com/business...

Re:Yeah.

[unixisc]

If my employer issued me a phone, I'd assume the answer to be yes. If I provided it, I'd dictate the terms.

Re:Not everyone is technically savvy

[unixisc]

Why? It's common sense. If you get something from your employer, they get to monitor it. If it's something you yourself provided, then you call the shots. What's so technical about it?

There's always a workaround...

[__aaclcg7560]

I worked at a company where the management team got very insecure about their positions and thought that the regular employees were out to get them. So they got a program to remotely monitor desktops. One morning my manager came running over to my cubicle to inform me that I wasn't allowed to look at Amazon on company time. And then he discovered that I had a breakfast burrito from the roach coach in hand, which meant I was on my break and I'm allowed to look at the Internet on my break time. So I told him to bugger off. Since the company next door had an open wireless access point, many of my coworkers used their PDA's to browse the internet to avoid using their PCs.

Re:can they get in to your phone with out your pin

[b0bby]

They can get into *their* phone, which they are letting you use, without your pin if they are doing it right.
They can't get into *your* phone, which you bought yourself and manage yourself, without your pin.

IOW - If your employer provides you with a phone, it's not really yours.

Re:can they get in to your phone with out your pin

[bws111]

Geez, the phone was not issued or owned by the FBI, it was owned by a county. The FBI and a county are in no way related, except that they both are part of governments (though not the same government). Why do you try to equate them?

To access their network

[sjbe]

Why would someone let your employer monitor YOUR iphone?

The employer may require it as a condition of letting you attach your device to their network. You don't have to let them monitor your phone but they don't have to let you access their network with it either.

Re:To access their network

[SeaFox]

Why would someone let your employer monitor YOUR iphone?

The employer may require it as a condition of letting you attach your device to their network. You don't have to let them monitor your phone but they don't have to let you access their network with it either.

Yup. Bring Your Own Device is just corporate new-speak for "externalizing equipment costs to our employees".

Re:To access their network

Our company does this. Recently they have been thinking about instituting a policy that you can only have corporate mail on it - no gmail, outlook.com, comcast, yahoo, whatever other email. Add on their 8 digit PIN requirement and it really comes down to "I just bought the company a phone" if you are foolish enough to BYOD...

Re:To access their network

[Frosty+Piss]

Why would someone let your employer monitor YOUR iphone?

The employer may require it as a condition of letting you attach your device to their network.

In this case, you tell your boss to *issue you a work phone*, and decline to do *work* on your personal phone.

Certainly you shouldn't be doing work on your personal phone without compensation.

Re:To access their network

[Nethead]

Yup. Bring Your Own Device is just corporate new-speak for "externalizing equipment costs to our employees".

But this then internalizes IT support costs for all those different devices. I'm glad the company I work for issues current iPhones with AirWatch MDM. It makes it so much easier to trouble-shoot.

Re:To access their network

[Tharkkun]

Our company does this. Recently they have been thinking about instituting a policy that you can only have corporate mail on it - no gmail, outlook.com, comcast, yahoo, whatever other email. Add on their 8 digit PIN requirement and it really comes down to "I just bought the company a phone" if you are foolish enough to BYOD...

A lot of companies are going this route because people are so damn negligent with their devices. The company I work for with 140k employees requires any smartphone hooked to our network/email to install an application that encrypts web/email traffic to our domains. If you're browsing to google.com or gmail it doesn't get encrypted. If you don't do this then you're not eligible to receive email on your device. If it's a corporate purchased phone then the entire device and all traffic is encrypted. In both circumstances there is also a kill switch in case your phone is stolen. This is how it works when you have intellectual property on your device.

Re:To access their network

[friesofdoom]

My company requested that I set up company email on my phone so that they could send me emails when i am not in the office (why the hell would i agree to that in the first place? Once i'm off the clock, it would have to be something so important that someone turns up at my door to tell me in order for me to care in the slightest, and in that case why would I need email?).

Then it turns out that in order to receive company email on my phone, I would have to give it to the IT department to let them install all sorts of security and god-knows-what-else crap on it.

Needless to say my answer was a slightly more PC version of "Go fuck yourself" than "Go fuck yourself"...

Re:To access their network

[aussiedood]

Why would someone let your employer monitor YOUR iphone?

The employer may require it as a condition of letting you attach your device to their network. You don't have to let them monitor your phone but they don't have to let you access their network with it either.

Yup. Bring Your Own Device is just corporate new-speak for "externalizing equipment costs to our employees".

Nonsense, BYOD was brought about by employees not their employers. People wanted to bring the latest gadgets they had initially bought for personal use into the work environment because they preferred them over the often comparatively ancient equipment which had been supplied to them by their employer.

Re:Not everyone is technically savvy

[unimacs]

Just because it's both technically possible and common practice doesn't mean it's actually done by every employer. Besides, as much as we tell people their Internet usage is being monitored, there are still folks who get busted doing stuff they shouldn't.

How to know the US government is spying on you ?

[stooo]

>> iOS 9.3 Will Tell You If Your Employer Is Monitoring Your IPhone

How to know the US government is spying on you ?
Get employed by the US government...

Re:Not everyone is technically savvy

[__aaclcg7560]

If you get something from your employer, they get to monitor it. If it's something you yourself provided, then you call the shots.

As an IT tech at Fortune 500 companies, I had this argument with users all the time. Most users believe that the PC on their desk belongs to them and them only. They will fight tooth and nail to prevent anyone from accessing their PC. I've explained to many users that their PC belonged to the corporation. If the corporation decides to replace their PC with pen and paper, they must use pen and paper — or find another job.

Re:What?

[wardrich86]

If you're on their network, it's fair game.

Your device + their network = monitoring

[sjbe]

If you get something from your employer, they get to monitor it. If it's something you yourself provided, then you call the shots. What's so technical about it?

There is a third option. You provide the device but want to access the employer's network with it. No sane employer would permit you to attach a device they didn't buy, approve or at least have the ability to monitor. You don't have to provide them access to the device but then you can't attach your device to their network either.

Re:Your device + their network = monitoring

[saigon_from_europe]

My employer has very simple solution for this. Only company's equipment allowed on Ethernet and Wi-Fi. But there is also a parallel WiFi network for guests and employees' private devices. Easy to implement, the best of both worlds.

Re:Your device + their network = monitoring

[ihtoit]

I run three networks - at home. One is airgapped (it's actually a cluster but it has no WAN link - this is by design), one is a firewall behind a firewall running the LAN (which is my own little corner of the internet, with mail and webservers, a couple databases and a torrent box), the other is the WPA2-secured wifi which is running on the forewall which is used by the rest of the house and any guests who (invariably) come round to drink my coffee and suck on my 200MBit cable.

Re:Your device + their network = monitoring

[ihtoit]

they get Nescafé and like it, I keep the good stuff for me.

Re:can they get in to your phone with out your pin

[__aaclcg7560]

Geez, the phone was not issued or owned by the FBI, it was owned by a county.

The FBI ordered the county technician to change the iCloud account password, doing the exact opposite of what Apple told them to do. In short, FBI stands for Fumbling Bumbling Idiots.

Re:This evil crap is also installed on user owned

[bws111]

An employer can't do a damn thing if you don't connect to their network and don't use the device on their property or their time.

Re:This evil crap is also installed on user owned

[mccrew]

This sort of crap is what helped bring down Blackberry.

Bzzzt, wrong. So very, very wrong. The Blackberry 10 series were specifically designed to have 2 secure and independent partitions - a personal partition and a work partition. When you would associate your device with your work account, the corporate admin would only have control over the work partition and your personal partition would be out of reach. Blackberry got 99 problems, but offering a secure device that protects a user's personal information from corporate overreach is definitely NOT one!

Re:What?

[Austerity+Empowers]

Why would someone let your employer monitor YOUR iphone?

If you get email and calendar (and other things) from your owrk on your iPhone, then you have agreed to let them do it. If you don't do those things, then you really should not have to let them do this.

Maybe something better...

[charles05663]

How about a big message saying this device is being monitored by the NSA, CIA, and FBI thanks to the likes like Senator Feinstein.

Re:What?

[Just+Some+Guy]

Why would someone let your employer monitor YOUR iphone? I could see if they supplied it but not if it is mine.

A previous employer told me I'd have to let them install some way-too-creepy MDM rootkit on my personal phone if I wanted to access corporate email from it. I asked if I'd be reimbursed for turning it into company hardware. When they said no, I explained that I would not be reachable from my personal phone so not to bother emailing or messaging me after hours. That is, if the situation didn't warrant them picking up a phone and calling me, then it could wait until the next business day.

They were surprised because that wasn't the standard answer, but I stuck to my guns. It's bad enough when you expect me to be available for routine work (not emergency! I'm always available for that!) at home on my own time, but you want to co-opt my personal equipment to enslave me to a virtual, omnipresent desk? No thanks.

Re:This evil crap is also installed on user owned

[Penguinisto]

Two easy answers that come to mind:

1) "Oh, I don't have a smartphone. Can you issue one"?
2) Go out and buy a cheap-assed-but-usable Huawei for $100, put it on Net10/MetroPCS/whatever, and use it only for corporate stuff. Write off the costs on your taxes.

Re:Not everyone is technically savvy

[__aaclcg7560]

And the corporation gets to find another employee, eat the recruiting costs, eat the on-boarding and ramp-up costs, etc.

Which is cheaper: keeping an employee who can't follow corporate policies or finding a employee who can follow corporate policies?

Re:What?

[saigon_from_europe]

If you're on their network, it's fair game.

No, it is legal, but it is not fair. Why are companies so obsessed with spying their employees, and why are you Americans so willing to accept it? Just because company is legally allowed to do something, it does not make it meaningful or acceptable. And what they believe that they could find there? Even if I want to harm them by using smartphone, I'd do it with my private phone and they cannot do anything without court order. Spying peoples phones is just waste of time and good way to make their employees hate them.

Not your phone, it is their phone.

[dsmatthews9379]

Oh Stan you silly man.

Read the screen grabs, http://imgur.com/a/Eb4yJ

[ This iPhone is managed by your organisation. ]

What sort of idiot would not already know this about a work phone? It is same for a work PC, and work land line, or even a room at work. Oh yeah Apple users...

Re:What?

[Tharkkun]

If you're on their network, it's fair game.

No, it is legal, but it is not fair. Why are companies so obsessed with spying their employees, and why are you Americans so willing to accept it? Just because company is legally allowed to do something, it does not make it meaningful or acceptable. And what they believe that they could find there? Even if I want to harm them by using smartphone, I'd do it with my private phone and they cannot do anything without court order. Spying peoples phones is just waste of time and good way to make their employees hate them.

Because your employer is paying for the phone and the service. If you don't like it then pay for it yourself. It's no simpler than that.

Re:What?

[saigon_from_europe]

Because your employer is paying for the phone and the service. If you don't like it then pay for it yourself. It's no simpler than that.

Yes, I agreed that they are allowed to do that. The question is what the sane person expects to find there?

Re:Not everyone is technically savvy

[__aaclcg7560]

I'm going to sue for intentional infliction of emotional distress and get 10 million in damages!

Good luck in finding an attorney since you don't have a case. Your employer provides the tools that are adequate to get your job done. If pen and paper gets the job done, you have nothing to complain about.

Re:What?

[djrobxx]

Why would someone let your employer monitor YOUR iphone? I could see if they supplied it but not if it is mine.

Typically because you want access to email and meeting schedules, but don't want to carry around two devices. At least at the last 3 big companies I worked for, they allow you to bring your own device, but the email gateways require you to allow the company to manage the phone so your email is protected by their security policies.

 

Re:What?

[ihtoit]

Because your employer isn't quite there yet in the trust that you won't broadcast trade secrets to the competition.
Hell, I wouldn't be, either. Nothing personal, it's the same for everybody. My data mining suite is my own proprietery design and its inner workings will remain a secret that I will take to my grave. Suffice it to say that the results speak for the design. Suffice it to say also that while I do research for others, they don't see the computer I perform the data crunching on.

When you've got something that innovative that certain companies would KILL to get their hands on purely to capitalise on it as an adverrtising tool rather than use it for hard research, well, yeah, I'd sooner put a hammer through the hard drive and all the backups than hand it over to Googingelpeeves.

Add too iCloud activation lock status page.

[sims+2]

They should add it to the damn icloud activation lock status page.

https://www.icloud.com/activat...

What good does that page do if it won't tell you it has a factory set MDM profile that can't be removed even if its not activation locked?

Come on apple what the fuck were you thinking?

Re:can they get in to your phone with out your pin

[smartr]

They can get into *their* toilet, which they are letting you use, without your any bolt-locks if they are doing it right. IOW - If your employer provides you with a bathroom break, it's not really yours.
FTFY

Re:can they get in to your phone with out your pin

[ihtoit]

Nope. Corp contracts have a backdoor PIN and the handset is usually SIM locked so you can't simply replace the SIM in a nine hundred Dollar company phone.

(been there with Vodafone).

Basically, if an employee leaves, you can brick the phone by calling the service centre with your company credentials and asking them to deactivate it. Then it's a simple case of calling the employee on an alternative line or even writing them and asking for the handset to be returned - then it's just a case of sending it back to be RMAd and returned factory fresh with a new SIM. Otherwise what they have is a worthless paperweight (since it would be covered under the group insurance policy anyway). Apart from that, remember calling digital voicemail on a landline? Same thing with a Voda corp contract: call the voicemail access for that handset and input the PIN, it gives you the call history for the last five calls (or however many you've set it to). There's all sorts of other stuff you can do.

Re:can they get in to your phone with out your pin

[gnasher719]

This is one reason why the current well publicized FBI/Apple court order debate is stupid- if the government hadn't screwed up, they wouldn't need Apple's help to get into the phone they had issued. Given that the government screws up something simple like this, why should we believe they won't screw up at safeguarding the special software they want.

If anyone had told them that the guy was going to kill 14 people, sure, they would have done that. But nobody told them. But if you think about it, IF they had the means of unlocking the phone at any time, then surely nobody would be stupid enough to leave incriminating information on their works phone.

And remember, this is one of three phones that the killer had been using, and two phones he smashed up completely before he got killed. So you can guess which phone did _not_ contain anything juicy.

The only effect in the fight of terrorism of enforcing MDM on all employees phones would be that terrorist cannot use a company phone for plotting terrorist acts but that they would be forced to buy their own phones out of their own pocket.

Re:This evil crap is also installed on user owned

[ihtoit]

nope. What killed Blackberry was their proprietery messaging system (which nobody else could access) and the fact that Apple had released the iPhone right around the same time RIM bombed, because the iPhone was everything the Blackberry wasn't: useful.

Re:But...

[ihtoit]

You're connecting over a public switching network. Assume it's being monitored and behave accordingly.

Re:Company Phone?

[ihtoit]

as long as the company picks up the bill, I would be fine with that - but they do it on their own SIM.

Re:What?

[BarbaraHudson]

There is no consent for that. They should only be able to get your PIN when they pry your phone out of your cold dead hands - and not even then. It's YOUR phone. You paid for it. Installing any application on your phone does not imply consent to let the app seller wipe your phone. Why should any business be different?

Re:What?

[BarbaraHudson]

No need to carry a second device at home. Let them give you a phone for work, and then leave it at work. After all, it's THEIR phone. "What's at work stays at work."

Monitored

[Smiddi]

"This iPhone is monitored by your friendly NSA, FBI and CIA,"

Re:This evil crap is also installed on user owned

[narcc]

The iPhone was many things, but useful it was, most assuredly, not. The lack of basic features like task switching and copy/paste put it well behind the competition on that front. It's why BBs outsold iPhone and Android handsets for years after you inexplicably believe they "bombed".

They're still leagues ahead of iOS and Android when it comes to management, privacy, security, and usability.

A smartphone is a handheld computer

[perpenso]

A smartphone is a handheld computer. I think even nontechnical people get that.

Re:This evil crap is also installed on user owned

[ihtoit]

BB didn't have copy/paste until the release of the 8000 series (2007/8) which had the requisite multitouch screens that the previous models lacked. Apple had it in the iPhone by March 2009 (announced for iOS 3). The iPhone 1 had a touchscreen in mid 2007. Six million units sold in thirteen months, which counted for nearly HALF the global smartphone market at the time, with Blackberry having taken SIX YEARS to sell the same number of units.

Raw comparison: Blackberry's flagship phone for 2008, the Bold 9000 based on a 624 MHZ Marvell PXA930, had GPS and a microSD slot and DIDN'T have multitouch (hence cut/paste) capability - it was in fact pretty fuckin' dumb for a "smart"phone. The iPhone 3G had: 412 MHz ARM1176JZF-S processor, but it also came with accelerometer, aGPS, multi-touch, proximity and ambient light sensors, Wi-Fi 802.11 b/g Bluetooth 2.0 + EDR, PowerVR MBX Lite 3D GPU, shipped with support for Microsoft Exchange (which Blackberry didn't), and soft upgrade option to iOS 3 or 4 for cut/paste (4 also got task switching and foreground priority, which Blackberry didn't get until the release of the 9000 series Storm at the start of 2009).

Winner: Apple. By a country mile. Unless all you wanted was something you could send text messages on.

Apple could have gone with something akin to the Nokia N-Gage, but it would have bombed just like the Nokia did. I mean, three million in four years, is not good even for a unit that tries to do everything and sucks at all of them.

Discloure and indemnity clause?

[nicoleb_x]

I"m surprised you don't have a standard form that explains that the employee has the right to opt out of the company's intrusive tracking of the use of a personal phone. And, the employee guarantees than no one under 13 years of age will be allowed to use the phone.

I've been an Apple hater for so long,

[jenningsthecat]

that I'm experiencing real cognitive dissonance right now. I've never liked their walled garden, and they were leaders in the 'you don't really own your hardware, we do' trend. But just recently they told the FBI to get stuffed, and now they're baking into their phones a warning when the user is being monitored. Apple as a 'good guy'? The sky is falling!

Part of me wonders if they're simply ahead of the curve, seeing a business opportunity in a populace fast becoming sick of having their privacy butt-raped over and over. Even if it is simply a case of anticipating and meeting market demand, here they are doing the right thing. So I have to say, (grudgingly), kudos to Apple for taking a stand against institutionalized invasion of privacy. Colour me conflicted...

Re:This evil crap is also installed on user owned

[narcc]

BB didn't have copy/paste until the release of the 8000 series

Nonsense. It worked fine on my 7290 (c. 2005), and the 6210 (c. 2003).

which had the requisite multitouch screens that the previous models lacked.

None of the 8000 series models had any sort of touch screen. The first would have been the 9500 series (c. 2008)

The iPhone 1 had a touchscreen in mid 2007. Six million units sold in thirteen months, which counted for nearly HALF the global smartphone market at the time

In 4Q 2007, Apple had captured a whopping 7% of the global smartphone market, and a healthy 25% of the U.S. market (well below RIM's 35%). Though by 1Q 2008, Apple had declined to 19%, while RIM had recaptured nearly 9%, holding 44% of the U.S. market. Analysts at the time attributed Apple's loss to RIM's gain. Looking at more recent figures, globally, Apple's share has declined from around 17% to 14% from 2Q 2012 to 2Q 2015. At no time has Apple held anything close to 50% of the market either in the U.S. or globally.

It doesn't look like you're going to say anything remotely true, so let's skip ahead to the weirdest part:

and DIDN'T have multitouch (hence cut/paste) capability

That is, your inexplicable belief that multi-touch is somehow a necessary prerequisite to copy/paste. My Palm Pilot didn't have multi-touch, yet had copy/paste. So has every smartphone and PDA I've ever owned (touch screen, multi-touch, and otherwise). So has every computer I've owned that had that as a feature of the OS. Further back, that feature was present in just about every word processor, no mouse or light-pen required.

Winner: Apple. By a country mile.

So it's was the productivity winner in your mind even though it was decidedly less useful than the competition, lacking basic features like copy/paste, task switching, and countless others the competing devices had years before?

See, that was the entire point. Whatever the iPhone was, and it was many things, it certainly wasn't a step forward in productivity. I mentioned two features (only one of which seemed to interest you at all) though there were many basic features it lacked. It was phenomenally successful (though dramatically less so that you seem to believe), but it was not successful because it made its users more productive.

Re:This evil crap is also installed on user owned

[ihtoit]

so you move the fucking goalposts. ::golf clap:: Well done.

This thread is done.

Re:This evil crap is also installed on user owned

[narcc]

Did I? My only claims were that the iPhone was not as useful as its competitors, as evidenced by its lack of basic features, and that it did not outsell BB during the period you claimed. Both of these claims are true. You countered with obviously incorrect and irrelevant nonsense, which I corrected.

Sorry to hurt your feelings, but reality is reality.