Everywhere is full of degenerates.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
What access does my company have to my personal iPhone?
- Thread starter ghsDUDE
- Start date
- Sort by reaction score
No, they can’t
For more access the device needs to be ”supervised” and that can ONLY happen if the device is registrered for ADE (requires proof-of-purchase for the org) and reinstalled via ADE.
Usually everyone on MacRumors trusts Apple 110% but not in this case? 🤔
Guessing now but it might be that Macrumors readers don't see it as "trust Apple", its prob more a "I don't trust my company" thing.
I would just leave my phone at home before I let any employer install their software on my phone. I can’t believe people let companies take control of their phones
Last place I worked gave employees a monthly stipend for their phones so they could be reachable at home. When company took away stipend for non-executive employees- we rebelled. No one would allow their phones to be used for work purposes. I mean everyone stopped allowing it
Talk about a cheap stupid policy backfiring! Haven’t executives heard that expression “loyalty is a two-way street”? Or are they all just stupid?
Talk about a cheap stupid policy backfiring! Haven’t executives heard that expression “loyalty is a two-way street”? Or are they all just stupid?
Are they paying for your phone? No? **** them.
Last edited by a moderator:
Seemingly the OP wants to use their personal phone for work and doesn’t want to use a second work phone.
I could be mistaken about that (it wasn’t directly said), but that’s how I read the OP’s first sentence.
You’re right, he doesn’t want two phones. But if he’s hell bent on not using two phones, he has to deal with what his company installs.
Installing a BYOD MDM profile only allows the company to control company apps, not the entire phone. Access to company apps could be blocked if the OS version is out of date, for example. For full control, a device has to be company owned and in a “Supervised” state. This would never be the case for an employee owned phone. Apple has designed this system to protect the employee’s personal data if they so choose to use their personal device.
Apple isn’t any different in terms of its fundamental property compared to other companies: for profit and maximise profit. I do trust Apple a little bit more compared to Google but not by a wide margin. It’s like 40% vs 40.5%.
As for ADE, I bet most who visits Apple Store at some point notices some of their heavily managed devices compared to demo devices. Almost everything can get locked down. It would be amazing if some of those managing capabilities are available to more advanced users and more IT admins.
It is normal, but not a given.
MS Outlook and Teams have pretty robust capabilities to integrate with InTune and apply security at the application level. Admin can enforce MFA and the like for the application and being that you will be using a work account, controls on password and other access policies such as location based can be enforced. If your business is just offering these apps, you may not need a device to be fully MDM managed.
Many apps don’t support such controls by an MDM, so to ensure the integrity of data additional control may be needed to manage the device to enforce PIN policies and the like for a device. It may also be desirable in situations where you want to support things such as pushing certificate based network config and the like to a BYOD device. Enforcing security updates is also another consideration.
Whether the full MDM is necessary or not depends on what services are being offered and the assurance the company is after.
I was surprised to see most comments as well. A simple download of Apple Configurator shows everything possible with MDM, it's not as crazy as other users are making it sound.
This is literally answered in your first, second, and fifth screenshots. What makes you think we wanna read them if you won't? I don't know about you, but I read what's in front of me if I'm concerned about it.
I personally don't use corporate MDM on personal devices. My last company required all onsite devices be "in compliance", so I set up MDM on a phone I left at home, and continued using my phone at work as normal. This was generally to listen to media while I work. I didn't need access to company information on my phone. I'm not sharing my phone with work.
Ok, so after more thought I decided to delete it off my phone. I removed the Management Profile from my phone, did a complete factory reset and set me iPhone up as new. Here’s a screenshot of what it shows now…
1. Is it safe to assume my company no longer has access to my device?
2. Is it possible my company got all the information off my phone in a day? I’m not sure if it starts tracking from the minute it’s installed or backdates everything so it has the entire phone history?
Thanks for the advice and feedback.
Last edited:
Another vote for taking it off! Mainly because cos most of us get inappropriate jokes sent to us via what’s app or iMessage and could easily be spied on etc.
Also the work life balance is a thing of beauty when you can fully switch off. My wife works 70 hour weeks and is glued to her phone.. she just said how good it is being fully switched off and in relax mode
Also the work life balance is a thing of beauty when you can fully switch off. My wife works 70 hour weeks and is glued to her phone.. she just said how good it is being fully switched off and in relax mode
The factory reset may have been overkill. Your company no longer has access to the device. The answer to your second question would depend on whether your company retains logs, and what their policies are for data deletion. Unless you're a suspicious employee (and in such case, why would they keep you if it's bad enough) I doubt your company was jumping at the sight of your device enrollment. It looks like you removed the screenshots from your original post. It's possible your company scraped all of the data present in those disclaimers, but it's unlikely. If anything, they received device identifiers, and saw your traffic from the day in question.
What you accepted according to your screenshots are now in the company MDM.
Incredible that people don’t trust Apple on this one. MDM is built from the ground up for just these BYOD situations. Actually, when you apply a BYOD MDM profile the phone is ”split in two” to make sure the ”company” has no access to the private parts.
What info can your organization see when you enroll your device?
Describes the information on your enrolled device that's visible to your organization.
learn.microsoft.com
Lot of fear-mongering in this thread.
Last edited:
I’d never allow any company to install something on my own phone.
Ask for a work phone. Or go without
Ask for a work phone. Or go without
My company posed me with the same question. Take this phone that we’ll pay for the phone and the service for it, plus you can use it for tethering when working OR Give us full access to your personal device.
I chose the former. Even if MY company means no harm, my phone and it’s data could be a part of a legal proceeding brought by some OTHER company that’s just going on a fishing expedition.
EDIT:
And I should add that, even if there’s nothing considered illegal or relevant to the case, just having that information public would be annoying at least.
I chose the former. Even if MY company means no harm, my phone and it’s data could be a part of a legal proceeding brought by some OTHER company that’s just going on a fishing expedition.
EDIT:
And I should add that, even if there’s nothing considered illegal or relevant to the case, just having that information public would be annoying at least.
Last edited:
It👏does👏not👏work👏that👏way👏! Stop spreading misinformation.
The ONLY way to gain "full access" (and even that is quite limited with regards to MDM) to an iPhone/iPad is via "Supervised mode".
And your employer CANNOT get your phone into supervised mode unless you hand them your phone and they enroll it in ADE and does a complete wipe/reinstall.
Just by enrolling in an MDM does NOT enable your employer to vacuum your phone for info. There is NO WAY to get any "data" (user data, that is) from an enrolled iPhone, not even in "supervised mode".
There is a clearly defined set of information that the phone can report back to the MDM. This is clearly published here:
github.com
The way MDM works is that the MDM quries one of the keys and get a result back, if allowed (check the keys at GitHub,. if it states: "supervised: true" then that info can only be retrieved from a phone in supervised mode). You cannot run scripts, you cannot run programs and get the output.
The ONLY way to gain "full access" (and even that is quite limited with regards to MDM) to an iPhone/iPad is via "Supervised mode".
And your employer CANNOT get your phone into supervised mode unless you hand them your phone and they enroll it in ADE and does a complete wipe/reinstall.
Just by enrolling in an MDM does NOT enable your employer to vacuum your phone for info. There is NO WAY to get any "data" (user data, that is) from an enrolled iPhone, not even in "supervised mode".
There is a clearly defined set of information that the phone can report back to the MDM. This is clearly published here:
GitHub - apple/device-management: Device management schema data for MDM.
Device management schema data for MDM. Contribute to apple/device-management development by creating an account on GitHub.
github.com
I would recommend asking the person in charge of this at your company. It’s perfectly-fine to have questions and to ask the relevant person at your company who has the answers.
The people you are asking now… we are just some random people on the internet. We could be giving you some good information. But we also could be giving you some bad misinformation.
Last edited:
You are right. It is better to get the info from the source:
User Enrollment and MDM
User Enrollment is designed for BYOD—or bring-your-own-device deployments—where the user, not the organization, owns the device.
support.apple.com
Yeah. The threat of ability to factory reset is just too scary to ignore.
Even if the company can’t get my personal data, I don’t want my phone to be wiped out without notice either.
Wow, I thought you were ChatGPT with how confidently wrong you answered that question.