No email for you unless we can wipe your device.

One of my email accounts (it’s Google apps for education) stopped syncing with my phone yesterday. I get a non-dismissible “account action required” notification that tries to install Device Policy Manager, which among other things allows the account admin (which until two years ago was me) the ability to remotely lock or wipe my phone. The boilerplate rationale for this is to “protect our data”. Huh? How does wiping MY data from MY phone (which I pay for) protect your data? I don’t even have any of your data. Just my email and my calendar. Are you going to burn down my house and give me a lobotomy in case I kept a printout or remember something?

Come on Google! What happened to “don’t be evil”?

Possibly naïve question - are you sure this is legit? Is this your phone, or for work?

Regards,
Shodan

Yes, it’s legit, and no, it’s my phone. I no longer work for the school district, but former staff get to keep their email accounts.

We never enabled it when I was there because we felt we had no right to manage devices we didn’t own.

I doubt it is Google’s policy. The school district has made this decision (although Google obviously provides the tools).

I think this is becoming commonplace now. I can only get work email on my phone if my corporate employer installs something that allows them to remote wipe the phone. I think the end result was many (most?) of the somewhat cynical developers are simply off the work grid outside of work hours. I wonder if they actually realize how much they’re paying for this extra “security”.

Yes, such policies are becoming more commonplace. If you lose your phone, the organization doesn’t want the liability of some unknown person accessing the employee’s email box.

My preference is to decouple work and personal life. The company should provide a company device if they want employees to have access to company email while mobile, and of course at that point the company can install whatever software they want on the company phones. If they aren’t willing to do that, access to a Web-Based mail portal. If that’s a no-go as well, “next email check-in will be at start-of-business, next business day”. But I’ve never personally held a position important enough that my email response was absolutely required within minutes/hours; the occasional emergencies usually result in phone calls.

Yes, it’s called “BYOD” (bring your own device). You buy and pay for the phone, and your company installs crappy bloatware that gives them total control over your device.

People always look so stunned when I tell them “if you want to send me mobile messages or control my mobile device, then you will pay for it.” As if people are so desperate to get bothered outside of work hours!

Everywhere I’ve seen it, the company gives the employee a stipend of $x/month, reducing the cost of or giving the employee free cell phone service.

How much are people willing to sell out for? $40/month? $50/month?

To join the pile on, it’s the school district asking to wipe the device and create and install per their policy, not Google. Don’t accept the request.

You should be able to migrate from your current build to regular Google fairly painlessly. Let us know if you need any pointers. It sounds like you should tackle it sooner rather than later, to preserve your data.

My beef with Google is that they created the means to push the Google Apps Policy Manager app so aggressively. Like I said, two years ago I was one of the admins for the district, and we deliberately chose not to use that feature. My current workplace is another school district (in a completely different role) that also uses Google Apps but doesn’t use the Policy Manager either. There’s no point in it, unless someone just gets off on micromanaging for no reason. In both cases, it’s just for email for crying out loud. Neither district is stupid enough to trust Google Apps with confidential data.

But in this case I don’t think it’s the district, it’s the newbie in charge now. I hate to bad mouth the kid, I know him and like him, but he’s a fairly recent high school grad with next to no experience. He’s got potential, but right now he’s way over his head with little or no assistance. They used to have two full-time experienced tech people (me and my former supervisor), but eliminated my job two years ago (doubling my supervisor’s workload for no extra pay), then eliminated my former supervisor’s job at the end of this school year. Now they’ve just hired the aforementioned recent grad for a paltry hourly rate. Knowing him, he probably saw the checkbox in the Google Apps admin panel and thought “Cool! Let’s see what this does.”

I would respond as follows:

That’s why I refused to sign on to the BYOD program. During the last decade I’ve had multiple instances of my emails being subject to a legal hold, and I could foresee an occasion where my device was subpoenaed and spent six months or six years in an evidence locker waiting for trial.

The company I worked for always allowed “reasonable” personal use of company equipment, so I didn’t have to carry two devices, and just used the company iPhone.

I get why people don’t want to give up control of their own device. But I don’t understand the resistance to remotely wiping a device that you lost. Most people have a lot of personal data on their phones, plus mobile banking and shopping apps. It’s a big privacy and security risk. Why wouldn’t you want to have that wiped if you lost it? The data is all synched in the cloud, so you’re not losing anything permanently.

Because you have no control over what software they use to do the wiping, and what security it has, and who has access to the wiping feature. What if some disgruntled IT employee decides to wipe every phone on his way out the door? What if they bought the lowest cost security package, and it got hacked?

If he separates from employment for any reason, including resigning or being laid off (not fired), they would probably want to wipe their email from his phone, which is not lost.
On Topic Sidebar: I have yet to find an Android app that will fully clone an old phone to a new one let alone redoing one that was wiped. Yes, there are apps that will bring over data, pictures, wifi passwords, & call logs. What I’m talking about is I want App A shortcut on homescreen top left, App B shortcut on homescreen bottom right, App C on second screen, etc. or change the default ringtone for a specific user, like your SO or kid. Do any exist that will clone my unique setup? I have ½ dozen camera/remote/video/photo viewing apps all clustered together on my second screen. How do I recreate that other than manually?

Because I would not be the one making that decision.

My phone is going to be password protected, with the data encrypted. It’s already protected against someone else getting the data. So I’d prefer not to wipe it while I’m still trying to find it. And, after I give up, the only reason to wipe is to ensure it can’t be decrypted when decryption tech gets better in the future.

Restoring from backup sucks. It takes time to get everything set up back the way I want it (since I’ve been tweaking things for a while). I’d prefer to avoid that if at all possible.

And, anyways, anyone who is actually trying to get data will not connect the device back to the network so it can get the wipe signal. Unless recent advances have made this impossible, they’d try to copy the encrypted data off and work on cracking that.

In other words, automatic wiping only stops casual snoopers.

I bet there are corporate/enterprise apps that do this. Have you looked anywhere other than Play world (or whatever it’s called these days ;))?

I don’t get that. I can access my corporate mailbox on my personal cell phone using an app called MAAS360. I access the email within this app, so it’s entirely segregated from the rest of my phone. And if my email were subpoenaed, they could just access my mailbox off the Exchange server. I don’t see why they would need to touch my phone at all.

When my last company rolled out their BYOD program I held off for a couple of months to see what all policies were being pushed down since I couldn’t get a straight answer from anyone. The forced screen lock at one minute and 6 digit pin were deal breakers. I already had a reasonable autolock timeout and pattern unlock. These were settings that couldn’t be changed so I opted out.

I don’t think I want my employer determining when my phone is “lost”. They’ll be over-eager if “lost” means I’m separated from the company, and they’ll be under-eager if I’m just worried because I lost it.

Plus, the app just sucks, and gives me no faith that it will either work as intended or stay out of my way.

My money, my phone. It’s that simple.

As the IT person doing the wipes, I think it’s a good thing. The execs around here are always losing phones or having laptops stolen. Sure, the NSA could give a crap but there are still trade secrets and other data people don’t want in the wild.

That said, I don’t have a personal phone or number, they both belong to my company. Simpler than filling out expense reports every month.