exchange server security

[Jmac9]

Ok so is anyone familiar with this? I recently hooked into my comapny's exchange server (Windows 2010) to sync email and calendar. Not a necessity for me but a nice plus. After one day of having to enter a pin then swipe the lock screen and not being able to disable that feature, I deleted the account. After reading more I have a question.

The company was listed as an adminstrator - can the IT dept access your phone through the server if you are on (i.e. remote data wipe)? "They" say they can't but I've read where they can and when I need work done on my PC, the IT guy just logs in remotely. I trust the guys on this board to steer me in the right direction. Am I being Big Brother paranoid?

 

[fsuagentsmith]

Ok this is for information security purposes. This is in my ballpark as I am an application engineer at my job and I work a lot on the mobile security. This question is common in our practice. We can NOT remote wipe your phone or log into it via the email server since Android accesses Microsoft Exchange through Https security protocols. We can however turn your account off so you do not recieve any updates from the server and the data is effectively not accessible by your phone. Basically it is like you cannot access a website by logging in anymore. However all cached data on your phone (if you have any) is completely yours. This is why my company doesn't issue android devices. From an Info Sec perspective if we fire somone we cannot keep them from still having cached data and therefore customer data. We as a company issue BB (Blackberry Enterprise Devices) because we do have remote wipe of cached data on the phone. If there are ways to log into your Android device and configure it to a domain security group, I am not aware of it. There are apps that do allow us to remote wipe, but you as a user have to have them on the phone. I trust you do not since this is a personal phone being used to access company email.

 

[fluidj]

I have Touchdown installed because I had a similar beef with the whole PIN security feature. Especially since you have to use the QWERTY virtual keyboard to enter the PIN instead of a normal numerical pad like on the iPhone. I installed Touchdown at the suggestion of another poster here and I must say it's great for one simple feature....you don't enter the PIN until you open the Touchdown email app. I'm still running the 30 day trial version, but I think i'll likely buy it. Give it a try....

 

[PJnc284]

Some of the newer ones should allow remote wipe via activesync. I know this was a big issue with the OG Droid prior to 2.2 since 2.1 didn't allow security policies. If I'm not mistaken some people even had an issue with their Fascinates randomly getting wiped after they were connected to an Exchange server.

And as mentioned above, Touchdown is a must for any serious exchange users as it offers more features and a better interface than the stock mail client.

 

[Jmac9]

Thanks for the info.......this is great to hear.

 

[djlim4]

Theres a pretty easy way around it if u install the old email.apk, it won't ask for a pin like in 2.1 and doesn't ask for all those admin permissions
I got the file on xda a while ago, its in a thread under [mod]email.apk or something like that...
If u cant find the thread, pm me I can send u the file

Sent from my SCH-I500 using Tapatalk