undefined | Better HN

0 pointstonmoy8y ago0 comments

I consider myself tech savvy (by no means do I understand that much more than an average user). When I tried to enable my company’s mail on my personal iPhone, I was prompted to install a certificate. In my haste I thought it was just a certificate for *.my-company.com domains, but iPhone showed me a message in the likes of “the owner of the certificate would be able to read/modify all my network communication, monitor/install/uninstall all apps I have... “ and so on. That was enough to stop me in my tracks and now I’m waiting for a company phone instead.

0 comments

2 comments · 2 top-level

fencepost8y ago

That's pretty common, and is one of the reasons for some of the third party exchange clients on Android devices. At least one of the early ones (Nitro?) maintained its own separate data store for email and possibly other things so that when policies were used to wipe data it could wipe only the data in that app instead of the entire device.

The counter to that is that now I believe there are a bunch of Exchange clients on Android that will simply ignore server policy or where handling of policy can be controlled in the settings, which kind of defeats the point.

The original point of all those policies was to be able to erase supposedly secure content if the device was lost or if someone left the company for whatever reason.

Edit: the Exchange client I was thinking of is TouchDown, now owned (and EOLed) by Symantec but I believe originally from NitroDesk.

phkahler8y ago

Yeah, my company requires something like that if you want to access their stuff from your phone. By doing so you enable them to erase (non-company) stuff from your phone and monitor it. Most employees just say no at that point.

j / k navigate · click thread line to collapse