Big Brother x App Sync

A couple of weekends ago I took a rainy Saturday afternoon to figure out which of my Apple devices at home were synced up to my other Apple devices at home.  Some of my devices are for work and some are for play (i.e. personal use). While far down on my to-do list, I got the renewed inspiration from a new coworker of mine who is in his mid 40’s, is not particularly tech savvy, but is paradoxically a savant at 3D model development which ultimately landed him sitting next to me. Upon completing orientation, he was issued a company iPad; standard practice for all new hires. To be helpful, IT had conveniently linked to his personal cell phone to his company iPad via his personal iTunes account.  Ah, the wonders of the Steve Jobs ecosystem, right? Well, halfway into his first weekly pipeline/sale leads meeting I see his face go flush white, his eyes darting frantically across the 10” screen. Being the reverse-mentor that I am, I leaned over with intentions to lend a helpful hand only to find that his iPad lock screen in full tilt with a live stream of text notifications. He apparently had all of the notifications settings activated.

I made a concerted effort not to read the texts themselves, but based on his reaction my sense is that the messages weren’t exactly work-appropriate.  Nor were they positive (I did see a knife and middle finger emoji in there – UhOh). He clicked the sleep button and immediately turned his iPad face down on the table hoping the room didn’t catch his heart skip a beat.

A couple of years ago I decided to drop the bat phone and combine all of my contacts, text messages, photos, etc. to a single iPhone; my work phone. I did this due to a scheduled upgrade to the iPhone 7, around the time that Apple simultaneously enacted a policy that displayed “This iPhone is supervised and managed by [Insert Company Name Here]”, followed by a link to learn more.  Well, I thought it was time to learn more. It was time to learn just what usage and information that my company can track.

For those curious, more information on restrictions per iOS update can be found here:

https://www.hexnode.com/mobile-device-management/help/ios-supervised-mode-features/

Within the iPhone’s General Settings is a tab for Device Management, which gives a snapshot of the device’s management profile.  I have updated to iOS 12.1.4, which in combination with my company’s MDM (Mobile Device Management) profile allows for the following:

  • App Lock (Single App Mode)
  • Global HTTP Proxy
  • Activation Lock Bypass
  • Autonomous Single App Mode
  • Web Content Filter
  • Set background & lock screen
  • Silent App Push
  • Always-On VPN
  • Allow managed app installation exclusively

I, like some of you, do not know what a single one of the above controls actually means.  Most seem to be related to data security on the device itself, so if lost or stolen it can be remotely locked, located, or in dire circumstances erased completely.  But, I decided to dive a little deeper into the MDM Settings, most specifically a tag that I noticed was a part of almost every listed URL, “airwatchportals”. I’m not sure that are many more big brother-eque terms than “AirWatch”.

My MDM

With the help of Google, I learned that AirWatch (http://www.air-watch.com) is actually a firm based out of Atlanta that specializes in scalable platform solutions for multiuser mobile device management.  AirWatch not only provides security and privacy services for mobile devices, but can also provide platform level data sharing and storage services, along with automated Application management.  I found the Workspace ONE productivity tracking capabilities to be both interesting and a bit invasive (I could not find evidence that Workspace ONE is activated on my cell phone). Nonetheless, it proves that behind the veil of device management are tools that extend the company’s reach well beyond data security.

To exacerbate the big brother issue, at least for me, was the fact that via my Apple Account (now installed on my company phone), my company was also linked to content on my personal Macbook, personal iPad, and personal iPod Touch.  Yes, I still have an iPod Touch. Here is where the cool/creepy line got crossed for me. And, what drove me to spend the rest of that same rainy Saturday manually desyncing each of the aforementioned devices. While I understand that virtually all of my activity on my cell phone is fair game, I am definitely not comfortable with Daniel from IT knowing my Chrome search history.  “Don’t worry, those are just videos of cats DJing, Daniel.”

With platform becoming more the norm, does data sync pose a risk for you? Certainly something to think about for those making the leap from college into corporate America.  Read the fine print and, “If you have any questions, ask your Administrator.”

A topic for perhaps the next post – the future of company tracking for “wellness”:

https://www.heraldtribune.com/entertainmentlife/20190312/keeping-watch-todays-employers-have-more-insight-into-workforce-health-than-ever

11 comments

  1. This idea really crosses the creepy cool line for me. As an undergrad graduating this year, this is not really something I’ve had to think about much before, but I’m definitely thinking about it now. My employer having access to search history and other things on my personal computer and other devices for sure makes me uncomfortable. Not that there is even anything specific I can think of that is bad, but I do not understand what need an employer would have to need that information. I know my dad recently got a second phone just for work use because he was sick of IT messing up his personal contacts, and although it seems ideal to have everything for work and play all in one device, this makes me think there is something to be said for some separation between the two.

  2. Yeah, that’s why its a good idea to keep a personal phone, even if there are work devices. I definitely would keep a separate itunes account with the work address, at the very least. The trick is that it is completely legal for companies to do that with devices they provide.

  3. Really eye-opening post! Cross-platform syncing and tracking first came up for me during my internship this summer – interns were not issued company phones, but we were required to install an all-in-one data management/security/VPN app on every mobile device on which we wanted to access work emails. While I wasn’t particularly concerned about the company having access to my personal data and Internet activity (I’m a fairly boring person), I was a little uncomfortable with the idea that the company would have access to all of my existing and new contacts. It’s not the most obvious worry, but your list of contacts – friends from high school and college, doctors’ numbers, family members, favorite restaurants, etc – can paint a highly detailed picture of you (your social and professional networks, your daily habits and locations, potential clues to any health conditions, and so on). This type of contact-based association and profiling is one of the critical methods through which many of the privacy-embattled social media networks make eerily accurate suggestions for friends, connections, and topics/events of interest (“PYMK” on Facebook, for example) – it’s disconcerting to think that your employer might have the information needed to do the same, albeit on a much smaller scale.

    Gizmodo put out a good piece on how Facebook’s PYMK leverages similar data patterns: https://gizmodo.com/how-facebook-figures-out-everyone-youve-ever-met-1819822691

  4. My family all utilize one Apple ID (don’t ask why, I’m still not sure) and my dad’s phone is a work phone. This opened my eyes to my phone and apple data possibly also being sent to his company which definitely crosses the creepy/cool line. While tracking his data is under contract, having my data as well as my moms is completely over the line and I will definitely use my next rainy Saturday to see what’s really going on. All of the terms and settings are confusing as most people aren’t in on the lingo that they use and therefore never truly look into it. As a gen z, I’m supposed to know more about tech and how to fix it but I can be about as bad as a parent sometimes having no clue on what’s going on. Your post definitely has got me thinking about what data I’m sharing with the world.

  5. Definitely a very relevant post for me as I head into the corporate world next year and will be receiving my first ever corporate phone. Many of my older colleagues have made the argument of saving money by using your corporate phone as your personal phone as well and as a broke college student it sounds enticing at first. However, I’m a bit hesitant and after reading this rightfully so. I feel like using a work phone as a personal phone is equivalent to using lync (workplace IM) for personal, work inappropriate messages. The nice thing about lync though is that at least it reminds you that all of your messages are being monitored in the nice little text that appears at the start of every conversation. I mean MDM doesn’t sound all to horrible as long as the company is using it for the right reasons, and you don’t have any nosey IT personnel. However, I think thats two too many conditions for me to accept using a work phone as my personal phone. Guess I’ll dish out the extra $$ for my privacy. I can definitely see how Apple’s product integration can be frustrating in the workforce with intermingled work and personal Apple products. But hey, you’re in the clear now! I’m sure we’ll be hearing about some interesting law suits around MDM in the near future. Great post!

  6. This is a fantastic post and I really recommend that anyone entering the professional world considers these issues. Prior to getting a work phone, I had Slack and Outlook installed on my personal device. However, I did some “shadow IT” fiddling to get around the company having control of my device. While this is a little shady, I knew I didn’t want to give up control of my personal device to my employer. My concerns were totally justified when I learned that another coworker had lost a ton of engagement photos when she left her previous employer as they wiped her device when she left without warning her first. Now I have a work phone and a personal phone. While it is a little annoying carrying twice as many devices around, I get a lot of peace knowing that there is no connection between the devices.

  7. This is such an interesting post! In my past job when I worked for athenahealth, we had to install a security program to protect all work related content. With my current job, since we are on G-Suite, all I need to do is log in and have access to all my work emails, however when it comes to work done on our platform and the work laptop, like most, the specific vpn needs to be connected. While I understand that work laptops and phones need to be regulated, sometimes over regulation may prevent people from data syncing. I have no problem syncing my iMessage to my work Macbook Air , but let’s say my laptop needed repair and I totally forgot to log out of my account, I’d hate for David in IT to see my personal conversations. I had no idea about supervised mode features and all the capabilities that come with it. I am not opposed to having two phones, one for personal and one for work, but I think the better bet for me is just to figure out the right combination of what I do on my work laptop vs. personal devices, and also try to think about it from a manager’s perspective where if I saw one of my employees either searching something fishy or having files that aren’t safe for work what the repercussions might be. Definitely curious as to what features and develops are in MDM in the future.

  8. Super interesting post! My Mac has a split hard drive, where I use the iOS side for personal use and the windows side for work outside the office. This was mostly because the majority of the apps I use for work only function on Windows. For some reason, I thought that the split hard drive meant that my company would not have access to my personal info…after reading this I am starting to think that they probably do.

  9. Great post! As an intern last summer, we were not issued company phones. Instead, we were made to use our personal phones for company use. An interesting move for a large financial company. I always was cautious about the different items the company was making us install.

  10. This is why I don’t take advantage of employer provided cell phones if I don’t need them. I’m sure I’m missing a step along the way but I’ve been trying to as much as possible to keep my personal Google accounts completely separate from my work ones. I feel I’m probably failing though. Like when I take my work laptop home and watch youtube videos that I then realize are on my work youtube history, because of course google auto created a youtube account with my work gmail.

    It’s also primarily why I’m so heavily skeptical of chrome in many cases as well. The idea of having all your preset bookmarks and accounts associated with your account in chrome is nice in theory but it also means it is storing some part of that data on hard drives you access elsewhere using that same account and vice versa.

  11. I made a considered effort at my last job to separate my work life from personal, but inevitably they become intertwined at some level. While syncing all your devices seems like a great idea, and it is when it is your own personal devices when anything professional enters that ecosystem you lose all hopes of privacy. I agree you do not want Daniel from IT knowing you watch cat videos all day, but then again there is something nice about having my text messages come through on my computer. I think it’s one of these things we need to address on a case by case basis and apply it where we see fit when we see fit.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: