
I will be getting a company smartphone (iPhone X), what will my company be able to track on my smartphone?

JorenBus

Not only that but it gets looked at pretty regularly. I'm not big 4 but I am under SEC's jurisdiction. Even though I'm an IT consultant I'll occasionally get asked about my girlfriend's investments or have security nerds IM'ing me snippets of my audit trail asking what such and such thing is for. I was always under the impression that each employee generated so much data nobody could ever keep track of it, but insider threats are the #1 hot topic right now and data analysis has come incredibly far over the past couple years. 


Yes they can see the kind of pr0n you watch at all times


I don't get why people want a company device. It is just another thing to carry around. You need your separate devices for non work stuff.

9 hours ago, star_pilot475 said:

They won’t be able to track anything if you turn all location settings off and use a vpn. That way they might see that you’re in Scotland when you’re in Belgium or whatever. 

The company can config the network to block VPN. Similar to my college Wifi won't allow me to use my VPN at all. 


11 hours ago, JorenBus said:

In October I'll start my first ever job at a big consultancy firm in Belgium, yay. Among other things, I will also get a free smartphone from the company.

This will be an iPhone X.

I get two choices: either transfer my current number to the new SIM and therefore using the iPhone X as my work phone, as well as my personal phone (this is allowed) OR I can request a new number for the iPhone and use the iPhone as my work phone and my current smartphone (OnePlus 3) as my personal phone, which is kinda annoying if I have to have 2 phones on me at all times.

Now if I would get rid of my current smartphone, I would be using the company phone as my personal phone as well.

But right now I'm kinda wondering what they will be able to track if I were to use the iPhone as my personal phone.

In my contract it says that employees must be connected to "[Company] Mobile Device Management" infrastructure at all times.

I'm assuming this is an app that tracks everything on my phone?

If so, I'm wondering what they will be able to track. Like will they be able to read my Facebook Messenger conversations, be able to look at my Snapchats if they wanted to?

I value my privacy and I don't want other people to be able to read my messages if they so desire.

So basically, what can they track/see on this phone and not?

It really depends. They could be tracking nothing but what can be seen on the bill or they can have software like my company does that's required for work and needs to be connected to their network which they can see everything I do.

13 hours ago, wANKER said:

If they're doing it right, they should make you sign a mobile usage policy, and in there, it should detail what they can track or have access to. 

 

Generally speaking though, when it comes to Apple: 

 

Device location: (usually whenever it checks into the device manager, not real-time)

Data usage 

Installed application 

Installed management profiles 

Mobile number 

Device information - iOS version, IMEI, model etc. 

 

Usually all it comes down to.... 

It of course gives them management control over the device too (remote wipe, lock, locate etc.)

 

It WON'T give them access to what you would usually consider personal data - SMS, browsing history (not through the MDM at least) etc. 

And certainly won't give them access to application data. 

 

So the people saying 'everything' are talking out their arse.

I do indeed have a document called "Smartphone regulations". It contains all kinds of information, mainly about things you need to do when your device gets lost, damaged and so on. I've read through the entire document and it just briefly mentions the Mobile Device Management infrastructure, and nothing else about what they can track.

They did also say that I won't be able to use a VPN.

13 hours ago, GoodBytes said:

Just to add, on top of what is being said, remember that they get the ISP bill, so they see which phone numbers were called, and whom you send or receive an SMS.

In Europe, where dual SIM phone is a popular thing, usually people put their personal SIM and work SIM, and the OS does a decent separation between the two. However, it is best to have 2 separate phones.

I don't think iPhone supports dual sim though?

6 hours ago, Teddy07 said:

I don't get why people want a company device. It is just another thing to carry around. You need your separate devices for non work stuff.

Well I can't refuse the company phone, it's mandatory.

3 hours ago, Slurs Gang said:

The company can config the network to block VPN. Similar to my college Wifi won't allow me to use my VPN at all. 

Indeed, it says in my contract that I won't be able to use a VPN.


15 hours ago, dDave64 said:

 

Yeah. This.

 

The level of granular access they get to the phone is dependent on how much they actually want to see what you’re doing. Some things are harder to see than others but this is the tech world, there is a way. They have a right to see anything their device is being used for.

 

I’ve even seen it where an admin can remote into a phone and see what’s on screen currently. In fact, I’ve done it myself as an IT admin. You need a special system for this but it’s out there.

I will say this though. It's not normally our policy to snoop. We all have triggered alerts like overly large amounts of data usage or in one case we had someone trying to access a "free streaming" site. In the case of BYOD (bring your own device), we have problems mitigating things like people watching porn on their phones, or downloading an app that really is just spyware, or any number of things, and then plugging them in at work or signing them onto the work WiFi. 

It's like unprotected sex with everyone at the office. 

So we have these kind of features for the purpose of keeping our domains clean and mitigating security risks. Not so that we can see everything you do or where you go. That kind of thing only happens when we have employees that we suspect of either watching Netflix all day or we get an email notification saying that there was something really bad accessed. Otherwise we generally don't look at the logs.


18 hours ago, Slurs Gang said:

The company can config the network to block VPN. Similar to my college Wifi won't allow me to use my VPN at all. 

With the right MDM settings, they wouldn't even be able to change the location settings at all, let alone disable them.


I would keep my old phone for personal use and the new one for business use. What I would do is to just insert a prepaid sim card into the company phone. 

On 4/15/2019 at 1:13 PM, Velcade said:

It's best practice to keep work and home separate, this goes for all technology.  It is likely they will be able to monitor a lot on their phone.

 

 

IT be like, nice tinder profile bro, the angle on that dique-pique could be better tho. oh and why did you save that on your  company icloud?


If it's an MDM then it very clearly states what they're controlling when you go into "System - iOS MDM" under General -> Profile -> (Your Company Name) -> More Details -> System -iOS MDM.  People saying "oh they can see everything" :  iOS is different/better about privacy and security, they don't just let shit run wild like Android does.

 

Also keep in mind that at a large corporation, IT departments are going to be lazy/bloated/stupid and not really give a shit about your individual device.  If you're planning on stealing corporate secrets, use a second phone.

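The rights an MDM server may exercise on an iOS device are declared in the enrollment profile's `com.apple.mdm` payload as an `AccessRights` bitmask. The following is an added example, not code from the thread: it decodes that bitmask from an unsigned profile, and the sample profile, its server URL and the function name are constructed for illustration.

```python
import plistlib

# Bit values of the AccessRights key in Apple's com.apple.mdm payload.
ACCESS_RIGHTS = {
    1: "inspect installed configuration profiles",
    2: "install and remove configuration profiles",
    4: "device lock and passcode removal",
    8: "device erase",
    16: "query device information",
    32: "query network information",
    64: "inspect installed provisioning profiles",
    128: "install and remove provisioning profiles",
    256: "inspect installed applications",
    512: "restriction-related queries",
    1024: "security-related queries",
    2048: "manipulate settings",
    4096: "app management",
}

def mdm_access_rights(profile_bytes):
    """Return {server_url: [granted rights]} for each MDM payload.

    Assumes an unsigned profile (XML or binary plist); a signed profile
    must have its CMS wrapper removed before it can be parsed here.
    """
    profile = plistlib.loads(profile_bytes)
    result = {}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.mdm":
            continue  # Wi-Fi, mail, restrictions etc. are separate payloads
        mask = int(payload.get("AccessRights", 0))
        granted = [name for bit, name in ACCESS_RIGHTS.items() if mask & bit]
        unknown = mask & ~sum(ACCESS_RIGHTS)  # bits not in the table above
        if unknown:
            granted.append(f"unknown bits 0x{unknown:x}")
        result[payload.get("ServerURL", "<no ServerURL>")] = granted
    return result

# Constructed sample profile (placeholder organisation and URL).
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Example Corp MDM",
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "corp"},
        {"PayloadType": "com.apple.mdm",
         "ServerURL": "https://mdm.example.invalid/checkin",
         "AccessRights": 4 + 8 + 16 + 256},
    ],
})

if __name__ == "__main__":
    for url, rights in mdm_access_rights(SAMPLE).items():
        print(url, *rights, sep="\n  - ")
```
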

3 hours ago, dalekphalm said:

With the right MDM settings, they wouldn't even be able to change the location settings at all, let alone disable them.

Idk what that is but I can't use my VPN in my college Wifi. If my college can do that then the company can do that too. 

Anything and everything.

 

Do nothing on that phone, unless you want them to know about it.

 

End of story.


13 hours ago, Slurs Gang said:

Idk what that is but I can't use my VPN in my college Wifi. If my college can do that then the company can do that too. 

I'm assuming you're talking about your personal phone? If so, no, MDM wouldn't be a factor (MDM is "mobile device management" - it's the mobile equivalent of joining a computer to a corporate Active Directory Domain). MDMs need to be installed and configured.

 

In your case, they are likely blocking VPN protocols or they are blocking the ports themselves that the VPN connects on.


42 minutes ago, Steven123123 said:

i once knew a drug dealer that balanced having two phones by attaching velcro to the backs of them

I mean... yeah that would work.
