I will be getting a company smartphone (iPhone X), what will my company be able to track on my smartphone?

[JorenBus]

In October I'll start my first ever job at a big consultancy firm in Belgium, yay. Among other things, I will also get a free smartphone from the company.

This will be an iPhone X.

I get two choices: either transfer my current number to the new SIM and therefore using the iPhone X as my work phone, as well as my personal phone (this is allowed) OR I can request a new number for the iPhone and use the iPhone as my work phone and my current smartphone (OnePlus 3) as my personal phone, which is kinda annoying if I have to have 2 phones on me at all times.

Now if I would get rid of my current smartphone, I would be using the company phone as my personal phone as well.

But right now I'm kinda wondering what they will be able to track if I were to use the iPhone as my personal phone.

In my contract it says that employees must be connected to "[Company] Mobile Device Management" infrastructure at all times.

I'm assuming this is an app that tracks everything on my phone?

If so, I'm wondering what they will be able to track. Like will they be able to read my Facebook Messenger conversations, be able to look at my Snapchats if they wanted to?

I value my privacy and I don't want other people to be able to read my messages if they so desire.

So basically, what can they track/see on this phone and not?

[Sir Asvald]

I would stick to having 2 phones. Keep your personal information. As you mentioned you want to keep your information to yourself. Then do that.

[Crunchy Dragon]

1 minute ago, Abdul201588 said:

I would stick to having 2 phones. Keep your personal information. As you mentioned you want to keep your information to yourself. Then do that.

This is the best decision.

 

Keep one phone for company/work related tasks, another phone for personal use.

[Velcade]

It's best practice to keep work and home separate, this goes for all technology.  It is likely they will be able to monitor a lot on their phone.

 

 

[GabeThePCHelper]

Keep work and home separate, it would be annoying to receive both personal and work calls through one phone, and plus you want to keep your privacy.

[RoseLuck462]

Make it a separate line and obviously only use it for work related stuff, no porn!

[Slurs Gang]

Everything. 

[thedude4bides]

I kept mine separate... paying my own phone bill is well worth piece of mind.  I did read the fine print and it seemed like they were saying everything on the phone could be subject to being tracked and was considered company property.

 

Just the other day I was on with tech support for an issue and they have access to everything.  Definitely my policy to keep the two separate...

[Mira Yurizaki]

The company is allowed to track whatever they want on a phone they purchased for you with the intent you're using it for company related tasks. It's to make sure you're using their resources in the manner intended.

[JorenBus]

Thanks for all the responses guys, I'll definitely be keeping my current phone then! 

[wANKER]

If they're doing it right, they should make you sign a mobile usage policy, and in there, it should detail what they can track have access to. 

 

Generally speaking though, when it comes to Apple: 

 

Device location: (usually whenever it checks into the device manager, not real-time)

Data usage 

Installed application 

Installed management profiles 

Mobile number 

Device information - iOS version, IMEI, model etc. 

 

Usually all it comes down to.... 

It of course gives them management control over the device too (remote wipe, lock, locate etc.)

 

It WON'T give them access to what you would usually consider personal data - SMS, browsing history (not through the MDM at least) etc. 

And certainly won't give them access to application data. 

 

So the people saying 'everything' are talking out their arse.

 

 

 

 

[Mbowen]

Literally everything. I work as an IT Admin in an applicable roll. We can see location, activity, internet traffic and the amount of time on the page. We can even remotely destroy the phone >:D

[GoodBytes]

Just to add, on top of what is being said, remember that they get the ISP bill, so they see which phone number where called, and whom you send or receive an SMS.

In Europe, where dual SIM phone is a popular thing, usually people put their personal SIM and work SIM, and the OS does a decent seperation between the two. However, it is best to have 2 seperate phones.

[dalekphalm]

44 minutes ago, wANKER said:

If they're doing it right, they should make you sign a mobile usage policy, and in there, it should detail what they can track have access to. 

 

Generally speaking though, when it comes to Apple: 

 

Device location: (usually whenever it checks into the device manager, not real-time)

Data usage 

Installed application 

Installed management profiles 

Mobile number 

Device information - iOS version, IMEI, model etc. 

 

Usually all it comes down to.... 

It of course gives them management control over the device too (remote wipe, lock, locate etc.)

 

It WON'T give them access to what you would usually consider personal data - SMS, browsing history (not through the MDM at least) etc. 

And certainly won't give them access to application data. 

 

So the people saying 'everything' are talking out their arse.

When talking purely an MDM, you're correct. However, many businesses also install "management" apps (read: spy apps) that will capture much more specific information about device usage.

 

Not every business does this, of course, but I'd still definitely prefer to separate out my personal device and usage completely, if I were the OP.

 

If I was given a work phone, I'd use it side by side with my personal phone.

[star_pilot475]

They won’t be able to track anything if you turn all location settings off and use a vpn. That way they might see that you’re in Scotland when you’re in Belgium or whatever. 

[Velcade]

41 minutes ago, star_pilot475 said:

They won’t be able to track anything if you turn all location settings off and use a vpn. That way they might see that you’re in Scotland when you’re in Belgium or whatever. 

I am required to use the Company VPN or the phone won't work (outside of calling 911).  Not sure how a second VPN would help and if they're tracking your location I sure wouldn't want to be in Scotland when I was supposed to be in Belgium.

[wANKER]

1 hour ago, dalekphalm said:

When talking purely an MDM, you're correct. However, many businesses also install "management" apps (read: spy apps) that will capture much more specific information about device usage.

 

Not every business does this, of course, but I'd still definitely prefer to separate out my personal device and usage completely, if I were the OP.

 

If I was given a work phone, I'd use it side by side with my personal phone.

I didn't think Apple's API even allowed access to that level of information.... 

I've not come across such apps, so I only know from a management profile perspective. 

 

(I know Android is a bit more open, but yeh, as far as I was aware Apple is pretty strict on it) 

 

You got examples? 

(Not saying you're wrong, just curious )

Totally don't want to start spying on our guys 

[dDave64]

2 hours ago, Mbowen said:

Literally everything. I work as an IT Admin in an applicable roll. We can see location, activity, internet traffic and the amount of time on the page. We can even remotely destroy the phone >:D

 

Yeah. This.

 

The level of granular access they get to the phone is dependent on how much they actually want to see what you’re doing. Some things are harder to see than others but this is the tech world, there is a way. They have a right to see anything their device is being used for.

 

I’ve even see it where an admin can remote into a phone and see what’s on screen currently. In fact, I’ve done it myself as an IT admin. You need a special system for this but it’s out there.

[dalekphalm]

1 hour ago, wANKER said:

I didn't think Apple's API even allowed access to that level of information.... 

I've not come across such apps, so I only know from a management profile perspective. 

 

(I know Android is a bit more open, but yeh, as far as I was aware Apple is pretty strict on it) 

 

You got examples? 

(Not saying you're wrong, just curious )

Totally don't want to start spying on our guys 

These apps wouldn't use Apple's Push API - they'd be separately installed and monitor local activity and report back to some cloud server - it's glorified malware basically, in terms of how it would snoop. Sorry I don't have any specific examples - we don't bother with that kind of software and stick to an MDM by itself.

[Arika]

If work is giving you a phone for work use, assume that they can see everything you're doing on it. 

[straight_stewie]

Assume that they can track and see everything you do on the phone, and everywhere that the phone goes. Only use the business phone for official and legitimate business related tasks, and only take it to business appropriate places.

 

The internet is full of stories of high profile people, like college football coaches for example, who lost everything they had because they used their company phone to negotiate with drug dealers or prostitutes. Don't be that guy.

[mr moose]

If it were me, I take my jobs very seriously and extremely limit personal activity on company time (unless pre arranged), I would have two phones and only give your work number to a few key family for emergencies and leave your private one at home.  This also has the added benefit of a legitimate reason for not talking to certain people throughout the day. 

[JZStudios]

I'm real paranoid, so unless your on call 24/7 I'd even probably turn off the phone once I'm out of work hours. I don't want them knowing everywhere I go. I get freaked out when I try to just use Google to find an address and it auto enables location and it asks me to rate my experience at the burrito place. That's way too much information going out.

 

I don't care if it's a work phone and I'm in the work building, or on the way to a job because that's expected knowledge, but anything I do on my off time they can **** right out of.

 

Edit* Even if you were on call I'd give them my personal number so they can call me on my off time. If they don't like that... I'm really not down with giving them information about everything I do and everywhere I go. There's still value in having computers that aren't hooked up to the Internet in any way.

[SenKa]

@JorenBus From my experience, the answer to your question of how much they can track is as much as they want to.

 

Anything and everything on that phone should be considered open information, including location.

 

My source is my father, I had to de-tox all the old work tech that he got to keep after retiring due to injury.

 

Keep your work and personal cell phones separate, for sure. Also don't take your work phone anywhere your company would shame you for being.

 

 

[jake9000]

On iPhone, MDM is somewhat limited. I can't really see SMS or iMessages. What I can do is sandbox corporate data and ensure it doesn't leave non-corporate storage despite being on your phone. I can also enforce this -- If you disable my device administrator rights, I'll get an alert that it happened your mail/calendar will suddenly become inaccessible. 

 

In the case of the corporate-owned phone I can even lock you out of the device itself since I'm effectively the owner. Do keep in mind since your company pays the bills, they can see usage information in the carrier's portal and can even subscribe to carrier-level location tracking if they want. 

 

That being said, MDM deployments vary wildly by company. As a consultant I've got some clients going full snoop-mode with location tracking and automated check-ins with their field workers, and I've also got some folks who just want to have email on their phone but are required by govt or industry compliance to have some kind of controls in place. Airwatch and MobileIron will request the maximum rights on the device even if it won't utilize it, so you have to ask you company's IT dept for the details.