As bring your own device (BYOD) becomes more common in the workplace, employees can now bring their own devices (laptops, tablets, smartphones, and others) to work and use them to access sensitive company information and applications. Mobile device management (MDM) aims to improve device functionality and security while lowering costs and downtime.
Invasion of Personal Privacy
MDM is a way to ensure employees stay productive and do not violate corporate policies. Specific policies are configured server-side and can be enforced at any time on mobile devices without consent or notification. Even if a company states that it is installing an MDM policy on mobile devices only to create a work profile and enforce a password policy, employees have no way to verify that.
How does MDM invade the privacy of employees?
One of the most significant benefits of MDM for companies is that employees are not even aware of how much the company administrators know. Depending on the platform (Android devices or supervised iOS phones), an administrator can enforce an MDM policy on employees’ mobile devices to:
- Track mobile devices (and employees themselves) in real time by using the device GPS on Android and specific iOS MDMs.
- Read text messages on Android by routing them through an SMS gateway.
- Look at private photos and videos by intercepting the device’s cloud backups with the help of a VPN and organization-forced SSL decryption (on both unsupervised iOS and Android).
- Check the employees’ browsing history by following the procedure mentioned above.
- Browse the list of installed apps on mobile devices, including dating applications on Android phones.
- Perform an SSL MITM attack to expose the employees’ banking details, credit card information, private conversations, medical searches, and their entire internet traffic with the help of a VPN and organization-forced SSL decryption (on both unsupervised iOS and Android).
- Remotely wipe the data on mobile devices whenever they think there is a requirement.
- Remotely lock the mobile devices whenever they believe there is a requirement.
- Limit or disable backups such as iCloud.
- Force the employees to stop using certain apps.
Companies will frequently use excuses to perform all of these actions. Even if they provide assurances, employees should never accept these policies because:
- The company’s policies can change in the future.
- The company’s system administrators can change in the future.
- Companies can force system administrators to perform specific actions.
- The system administrators can get compromised.
- Administrators’ systems can get compromised.
What is the solution?
When companies have a strict policy on their data, it is irresponsible for employees to keep their company’s data on their mobile devices without having the company handle all the data. They must remove all their emails, chats, passwords, and everything that belongs to the company.
However, this does not mean that employees should allow their companies to invade their privacy just because they are required to have data that belongs to the company on their mobile devices. Instead, they must opt for the mobile devices provided by the companies.
Conclusion
BYOD at work is set to remain in place for the foreseeable future. Unless companies change the MDM specifications, employees must never accept an MDM policy on their own mobile devices and should instead opt for the devices their companies offer for work purposes.