1. wetwaterdog's Avatar
    I was setting up my new Nexus S 4g for work with the exchange server. Got everything set up correctly, BUT>>>BUT.......I get an "Activate Device Administrator" screen that has some really WTF permissions and I have at this point refused to accept the conditions.

    Here's what the screen says:

    Activating the administrator will allow the application email to preform the following operations:


    "erase all data" erase the phones data without warning, by performing a factory data reset

    "set password rules" control the length and the characters allowed in screen unlock passwords

    "monitor screen-unlock attempts" monitor the number of incorrect passwords entered when unlocking the screen and lock the phon or erase all the phones data if too many incorrect passwords are entered.

    "lock the screen" control how and when the screen locks


    My choice is to activate or cancel. at which point, the exchange account will not be set up.

    Unless I am missing something....this if FAR to much freedom to allow anyone or exchange server on my phone....unless they are paying for it....which they are not.


    NOTE: I had a Thunderbolt before this...with verizon bloatware. When I set up my work exchange server address, I do not recall seeing this type of warning or this type of control.

    Anyone know what is going on????
    05-24-2011 07:09 PM
  2. KSmithInNY's Avatar
    Those are standard exchange active sync requests.
    05-24-2011 07:27 PM
  3. wetwaterdog's Avatar
    When I set up the thunderbolt, I was never asked those types of questions....

    Does it mean that my company can have full control over my phone to delete all data and reboot the phone?
    05-24-2011 07:30 PM
  4. KSmithInNY's Avatar
    "erase all data" erase the phones data without warning, by performing a factory data reset
    The company has permission to erase /data on the phone. Used when phones are lost or you leave the company. = normal

    "set password rules" control the length and the characters allowed in screen unlock passwords
    Means your company forces a strong password policy. = normal

    "monitor screen-unlock attempts" monitor the number of incorrect passwords entered when unlocking the screen and lock the phon or erase all the phones data if too many incorrect passwords are entered.
    Means if someone uses the incorrect password too many times, in an attempt to unlock the phone, it automatically wipes /data. = normal

    "lock the screen" control how and when the screen locks
    Means the company can control the amount of time from last activity until the screen locks. = normal
    05-24-2011 07:34 PM
  5. KSmithInNY's Avatar
    When I set up the thunderbolt, I was never asked those types of questions....

    Does it mean that my company can have full control over my phone to delete all data and reboot the phone?
    You were, and agreed, it was just phrased differently. This coming from an IT manager who has owned AOSP and sense devices . HTC uses their own mail client which phrases things differently but the results are the same.
    05-24-2011 07:36 PM
  6. wetwaterdog's Avatar
    Well all that sucks....

    What about my personal info...and apps...etc...?

    In fact, I PAID for the phone, they pay the usage...but if I get fired, I'm the one stuck with a 2 year contract at $100 a month. WTF......
    05-24-2011 08:05 PM
  7. wetwaterdog's Avatar
    Can they have full access to my phone to see or do what they want at any time????

    will they be able to see my other email accounts or activities...
    maybe even track where I am when I am on the road?
    monitor my call history?
    05-24-2011 08:07 PM
  8. kalex's Avatar
    Wrap the phone in tin foil. you'll be fine.

    But seriously these are standard exchange polices that businesses setup. You said it yourself they pay for usage and u need to access exchange email. Suck it up and accept it. They will not have access to your personal stuff and most likely they already have access to your work emails. all these polices do is enforce protection of their data. If you loose the phone they wipe it, if u get fired they wipe it. They also force you to setup password so that if u loose the phone and they don't get a chance to wipe it, nobody will have access to their information.

    If you get fired they will wipe the phone, you will reconnect it to your gmail account and all will be zen
    05-24-2011 08:14 PM
  9. kalex's Avatar
    Well all that sucks....

    What about my personal info...and apps...etc...?

    In fact, I PAID for the phone, they pay the usage...but if I get fired, I'm the one stuck with a 2 year contract at $100 a month. WTF......
    everything will be wiped but you can always use google backup/restore to get most of it back. rest will have to be reinstalled..


    You paid for the phone and u are using it, if you get fired they wipe it and then u reload it and continue paying your contact. Why would u think otherwise?
    05-24-2011 08:17 PM
  10. wetwaterdog's Avatar
    Last question....
    I have 4 other email accounts that I use with the phone. Do they have access to those emails for viewing. Those are my private accounts and I would not allow anyone access to them but me. This is the most important question....please answer this one.


    Secondarily, I do understand what you are saying about they pay for it....but, personally, I really don't need a smart phone, they want me to have one and pay the service per month. I can understand them wanting to delete the emails and or contacts from their exchange server, but why take down my whole phone?
    05-24-2011 08:26 PM
  11. bkrasso's Avatar
    My company has just started doing the same thing. They only have access to the Exchange Email, in terms of being able to read your email. They dont have access to any of the other information in your other email accounts.

    The reason why they would wipe the whole phone is because there is a def possibility that you could have saved an attachment from an email that contains business data. Doing a full wipe of the phone they can guarantee that there isnt any business data left on the phone.

    Just for future reference, the Exchange Wipe doesnt wipe an SD Card, so if your company allows Android Phones with an SD card then you could move all of your apps over to SD Card and you dont have to worry about losing your apps, pictures and other things saved on SD Card.
    05-25-2011 09:01 AM
  12. wetwaterdog's Avatar
    Thanks for the info.....

    However, I seriously doubt they do not have access to my other email accounts. If they have enough control over my phone to maintain screen log on's, and wipe the phone with a hard reset, then I would guess they can also read/see/alter/copy anything that exists on my phone. My other emails load automatically with saved passwords, so unless they just have the ability to send a wipe command, or a lock command, then maybe....but then anyone who can wipe my phone or lock it can surely read anything they want. What a world ..
    05-25-2011 04:52 PM
  13. wetwaterdog's Avatar
    Thanks for the info.....

    However, I seriously doubt they do not have access to my other email accounts. If they have enough control over my phone to maintain screen log on's, and wipe the phone with a hard reset, then I would guess they can also read/see/alter/copy anything that exists on my phone. My other emails load automatically with saved passwords, so unless they just have the ability to send a wipe command, or a lock command, then maybe....but then anyone who can wipe my phone or lock it can surely read anything they want. What a world ..
    05-25-2011 05:00 PM
  14. tb582's Avatar
    Thanks for the info.....

    However, I seriously doubt they do not have access to my other email accounts. If they have enough control over my phone to maintain screen log on's, and wipe the phone with a hard reset, then I would guess they can also read/see/alter/copy anything that exists on my phone. My other emails load automatically with saved passwords, so unless they just have the ability to send a wipe command, or a lock command, then maybe....but then anyone who can wipe my phone or lock it can surely read anything they want. What a world ..
    I'm interensted in this as well... I got to the final setup part where it also asked me to enable such and such. Currently I have a BB via work but if I could get my exchange email/calender on my phone that would be even better! but I do have concerns as to what they would be able to do and see and how much control they really have?
    07-22-2011 06:57 PM
  15. Nilanka Sooriyampola's Avatar
    You were, and agreed, it was just phrased differently. This coming from an IT manager who has owned AOSP and sense devices . HTC uses their own mail client which phrases things differently but the results are the same.
    Yeah this is true I guess. But a workaround is installing the native app of the exchange account if there is one. For an example if the exchange account is Microsoft based, the Outlook app will easily configure your mail without all the hassle. The issue is how are the same security measures applied then? Because it's just an app and there's no control over it.
    05-24-2017 10:58 PM
LINK TO POST COPIED TO CLIPBOARD