Advice on my new GS3 & my company's MDM

[npo]

So the company I work for made me buy my own upgrade phone, but they're footing the monthly bill (in the past they've bought the phones -- previously always BB -- as well). Got my new GS3 this morning, & it's charged and activated. This afternoon I got an email from IT saying "please install MaaS360". I'm browsing the net to see what that does, but could use some advice from someone who knows more. For one thing, I wouldn't have ordered the phone if I couldn't root it, and it looks like MaaS360 can prevent me from doing that -- and probably wont work with a custom ROM once Cy..Mod is available for the phone. For another, I'm not too keen on the idea of IT being able to track web usage on non-work Wifi networks after work hrs (home, coffee shops, etc), see the personal files on the SD card, kill **MY** phone if a misguided administrator decides to fire me, etc.

Should I be/not be ticked off? Root the phone before installing the program, then play dumb? Thoughts?

 

[fotd]

I don't have any advice for you. But this going to become more common. It's been the buzzword for the last year or two, BYOD or Bring Your Own Device. Most companies don't yet have real MDM (mobile device management) servers yet but they're coming. We like most places use what's built in to the mail servers external access. Which is typically the ability to remote wipe and put a password policy, etc.

Have no idea what server your company uses, but I believe most of the email based ones don't have the ability you're referring to. But it sounds like you have a full blown MDM which probably does. As far as root/jailbreak, that absolutely should be part of their policy.

*****edit*****: looking at their website it still just looks like location tracking, app install/uninstall, policies and restrictions, and remote message/wipe. Not remote file retrieval or logs. Unless you surf a ton of porn or have a bunch of risqu? apps I'd say you're good. I Hopefully someone who has used it will chime in.

Sent from my SCH-I535 using Tapatalk 2

 

[raremage]

This is what BYOD strategy is all about. Basically it sounds like your company has a BYOD policy that requires loading of MDM software; in return you can use a personal device for access to corporate resources (and they're footing the bill as well).

They were doing this already when you had a Blackberry, except you hadn't purchased the phone.

I would guess the absolute worst thing that could happen is your phone gets wiped if you leave or are terminated for some reason, at which point you're looking at a factory reset and you do what you want with the refreshed device.

One thing I would ask for is a cop of the written MDM policies with regard to BYOD devices, and see if you can live with those. If not I guess you return the phone and have them buy you another Blackberry.

 

[npo]

The biggest issue for me, I think, is being able to root, flash custom ROMs, etc. That's the whole reason I got an Android phone and the GS3 specifically.... I've had an Android tablet for about 6 months and LOVE the flexibility. Funny thing is, I use both the android tab and a laptop with no corporate controls (which the company bought for me, lol) at work all the time, AND I have root/admin access to all the systems I use. Sigh.


And regarding: "They were doing this already when you had a Blackberry, except you hadn't purchased the phone." Yes, I know, but the Android is useful for so much more than my BB was. I didn't really need root on that, but if I'm expected to carry around a computer in my pocket 24-7 (which they do expect, even when I'm on vacation), then I want to be able to maximize its usefulness.

 

[fotd]

I'm not sure they can actually detect if you have root or not. It's just usually part of the policy. Look at the jailbreak incident with the default ssh password worm. That's what they want to prevent. I make those policies and will tell you I've been known to rom once or twice

Edit: grammar, still getting used to swiftkey


Sent from my SCH-I535 using Tapatalk 2

 

[draco947]

Be grateful that they're paying for your plan, and letting you use your phone to access corporate resources. While BYOD may be the next "big" thing for companies, it's not yet that common.

If the company is paying the bill, and allowing you to access corporate resources, you have to follow the policies. End of story.

If you don't like it, pay for your own plan and phone.

The reason they want to manage apps, data, and location, as well as rooting and ROMs, is because corporate security is crucial. Just a single corporate record or customer information record lost or leaked can cost hundreds of thousands to millions of dollars. It's their job to protect those assets, so don't take it personally. They don't have a vendetta against the users, but their jobs are on the line, so they have to be hard nosed about it.

Plus, just like why Verizon locked the boot loader, if you root it and brick it, they don't want to spend their time fixing something that could have been completely avoided. It's labor cost, and time that could be spent on more important and critical issues.

I know I sound a bit harsh, here, but, as a sysadmin, I know what the other side of the fence on BYOD is like. It puts a lot of pressure on a department that is already overworked and under staffed.

 

[npo]

Plus, just like why Verizon locked the boot loader, if you root it and brick it, they don't want to spend their time fixing something that could have been completely avoided. It's labor cost, and time that could be spent on more important and critical issues.

Agree with the understaffed part... I've been trying to get admin to hire an additional IT person to cater mainly to my dept's needs for years (we're in a very technology dependent field). Instead, IT has to pawn off tasks to me and others in my group, who earn a whole lot more than the IT staff (also in a very degree and training dependent field) AND take double the time to figure IT stuff out since we're not IT. Not sure how that makes sense to admin, who are at minimum supposed to be able to count beans. Just the time I spent activating the phone, transferring contacts, etc, and trying to figure out the implications of the program they're asking me to install cost the company 3 or 4x the cost of the phone in lost productivity on my part. (To be clear... ranting on administrators, not IT at all in this particular case)

 

[sknight702]

I apologize for being late but we are currently going through some more research to see whats changed - our current mdm provider amtel has attacked this in a different way. they kind of put my company in charge of deciding how controlled that device will be by containerizing my email, contacts, work files, etc. so if anything goes haywire - im really only losing my corporate info.

now that its a year elapsed...what have your experiences been??

 

[John Aubrey]

I manage our MDM, Airwatch at work. We are capable of monitoring a lot of info, but the only thing we use it for is managing work email. Simply if you leave we want to get our info off without touching your other software. In reality, we are using this for the users best interest. I know this is every company, but I doubt that every company is out to get you. I don't think you IT staff has a person dedicated to snooping in on your smartphone info.

 

[John Mosure]

In my case, the company took back all company phones in 2012. In return, we had to get our own smart phone with GPS and Internet capabilities, and they supplemented our paycheck 50.00 per month. Now, in order to do my job, I must install Maas360 on my phone, or I will not be able to receive email and service calls. I would assume that would lead to becoming unemployed.
It hardly seems fair, but due to the labor market, my age, etc., what can I do. Glad I am close to retirement.