This isn’t new. If you’re using a company-device, they can read everything you do on it. This has been true for many years. Clickbait headline.
Don’t use your company computer / phone / email / whatever to say anything you wouldn’t want your boss / HR / other to read.
Okay? It’s a work device, you think that they aren’t already logging all of your stuff?
kind of misleading article since it explicitly indicates this is for work managed devices
That’s a Forbes specialty
My job keeps insisting i install a “office partition profile” on my phone. Well i dont want 24/7 contact with them, and i dont want their mgmt shit all over my private device.
This article is more proof im not insane as the only holdout againt this mgmt partition.
If corporate wants something, they can provide corporate phones. I keep company and private strictly separate.
Yeah one of my clients right now is a major hospital in the area, they currently have work provided phones but they have been told that those are going away because they are too expensive for the it group to have. They’ve then been told that they are going to be using their personal cell phones and they need to install all this extra software on them. Most of these guys being in it have said no and you’re not putting your stuff on my phone and if you want this stuff then you can provide a phone for me. So it’s starting to become a showdown between finance and it. And I constantly reminded them that they are under absolutely no obligation to install anything work related on a private phone. In fact they don’t even need to provide their phone number for contact after hours. And I really hope that they stick to their guns but we’ll see most people end up folding in these types of situations.
Each morning I wake up and think to myself, “what fresh new hell awaits me today?”
There are no caveats to this that can make me feel better about it. This is a normalization of what I already new to be true - that my phone has never actually been mine, and any controll I thought i had can and will be taken from me at any moment.
I mean if you own a work managed phone then that’s always been true. If the phone is yours then really this article doesn’t pertain to you.
In theory, sure - it’s only a concern if you have a work-managed device.
In concept, though, there are more parties with partial control/access to your device from whom you only have a tenuous protection at-best.
Normalizing the practice of automatic archival of encrypted communication is bad. I don’t think that’s a particularly spicy take. “They say it won’t be used except in these specific circumstances” is no better than a fig-leaf, especially when those types of promises have been repeatedly broken.
Don’t worry, it seems like it’s just scaremongering: this is for managed work phones which you should only have been using for work stuff anyway
If your company provides you with a device to use for work, then you need to assume they can see anything you do on it, regardless of who makes it. It belongs to the company, not you.
That’s a good rule of thumb, but as a direct point of comparison, it’s not that bad with iPhones. Apple’s MDM protocol is very particular about what admins are allowed to control even on company-owned devices. For example, admins can’t see the Apple ID used on the phone and can’t grant apps screen sharing permission without user approval.
And we certainly can’t access iMessage.
Android is the same way with MDM managed profiles. Nothing in the personal profile can be seen by MDM. It goes as far as making you install apps twice, if you use them in both profiles. Even the clipboard can’t be used to copy from one profile to the other, and screenshotting the MDM profile is typically disabled.
Nothing about this is news to people who actually manage and use MDM, or unique to Android.
I’m pretty sure I have MDM on my device and I can definitely copy and paste from work apps to non work apps and vise versa.
What MDM is your company using? My work iPhone is provisioned with Intune MDM software and does not allow copy/paste between work apps and non-work apps.
Then it all depends on exactly how you have those apps installed whether you’re installed them under the exact same profiler if they were actually installed by the two different profiles.
This is a decision your MDM admin makes, at most of my jobs this has been disallowed.
well as long as it’s not my employer that can see it, and it’s just the government, I guess it’s okay
“This applies to work-managed devices and doesn’t affect personal devices.”
While still not a fan of it, this is why you use two phones.
My company tells us not to expect privacy on work devices, period.
A lot, or at least some, companies install root certificates on your devices and route traffic through a proxy over their VPN meaning even things that should be encrypted by TLS they can see.
My younger coworkers think i’m some kind of insane boomer for carrying two phones…
I carry two phones. Work provides me with one. It goes on DnD mode as soon as I clock out.
Younger generation typically has no concern for data privacy and how much data they’re being milked of. There will be a time when they wish they listened.
In case anyone is reading this thinking “nah, there won’t be a time I wish I listened,” take it from me that I do. I worry a lot about the current political climate in the US and about talking about queer topics online. Like, obviously, today it sounds insane to worry about, but who fucking knows.
For fuck’s sake, they’re using period tracker apps to go after people for suspected abortions to charge them with “murder”.
I grew up saying that abput my own generation, and my parents, and their parents…
There will be a time when they wish they listened.
yes, but my point isnt to say “haha!! I told you so!”… also, data mining isnt less of a threat on a “personal” device… just less potential damage to your professional life.
Yup I agree.
Yeah two phones two laptops are sadly becoming a necessity these days
Work provides a phone and laptop. Neither are touched after I clock out. But for the off-chance I need to do a work thing at home (filling out a forgotten time card entry, informing the team that I’m sick, etc), I have a separate and isolated “work” VLAN at home they can connect to.
That’s why I also have a thunderbolt dock with built in kvm switcher and a dual laptop vertical stand 😃
I knew Kevin Gates was on to something
Headline is bullshit. This is an archiving feature for sectors where the law requires employers to retain records of certain kinds of communications. It only applies to phones set up with mobile device management, and it displays a clear notification to the user that the conversation is being logged.
Here’s Google’s announcement.
An archiving feature that highlights a reality that many people arent already aware of - that encryption is meaningless if you dont have ultimate control of the device you are decrypting it on.
Headline may be bullshit, but nobody cares.
Pitchforks! Get yeeer pitchforks! Two for a paaaand!
“on managed devices”
For fucks sake, don’t text porn and shit on a company device.
The amount of people who treat work devices like their own is insane. When work is over my laptop is shutdown and closed. There’s no need for it to be on at all until I start working again. In a way I kind of get the corpo ITs reasoning why they’d want this, people messaging their friends and families from the same devices that have company secrets on them
Well, if it’s a work phone, ita kind of expected.
A work phone is a liability for a company, so only do work stuff on it.
I mean it doesn’t take Google for them to get a copy of all your sms, it’s pretty effing simple with just the MDM software they use. Or a simple script to pull the SMS database every day and export it to CSV or excel, then import into a db.
How do I know? Because I’ve done this with my own phones since about 2010.
I work in government, and the “work on work phone” rule is sacred. If I do any work on my personal phone, my personal phone becomes subject to Open Records.
E2E encryption is useless if you don’t control the encryption method and storage.
Doing this when even apple does not handover such data is stupid on Google.
Starts? … I think Google has been sharing our data behind our backs like a school girl that promised to keep a secret
What data do they share beyond the stuff you told them they can share?
As I have said to my coworkers: do not use government systems for personal communications.
the perfect showcase about the security guarantees of E2EE. It’s important, but it won’t save you if “your” phone is programmed to snitch on you. same thing applies to screen reader AIs, and whatever you grant accessibility permissions or the assistant app role.
fun fact: on most googled phones the google assistant app is by default, without approval, set as the assistant app, and it has access to screen contents. I don’t know if it has that access all the time, maybe only when you are baited to open it by long pressing the home button or trying to turn off your phone with the power button.
Another thing i found is that green dot does not indicate that microphone is being used. If microphone permission is enabled in system settings, google assistant will have a constant access to microphone, without showing green dot. And even if on pixel microphone permission can be disabled, on most other phones, there is no a system setting to do that. I dont know if its just a toggle which was removed, or a feature entirely, but it does no tchange the fact that on that phones, microphone is accessed at all time.
