
sim667

macrumors 65816
Dec 7, 2010
1,390
2,915
Right, this thread has made me delete both my work accounts off my phone. So I guess I'll never be checking my work emails again :cool:
 

Xenomorph

macrumors 65816
Aug 6, 2008
1,397
829
St. Louis
Reading this thread: what the heck is wrong with some of you?

Yeah, your device can be wiped. That is how it was designed. This isn't new. This is a failsafe.

Remove your work account? What kind of idiotic place do you work at that you're afraid of people randomly erasing your device for no apparent reason? Do you think this is a common thing, to have your device randomly erased??

Also, have you not heard of backups? My work can wipe my phone all they want. I won't lose anything. This is also how it has been designed.

Look, if your phone is lost or stolen, you want it wiped so that no one can get to your stuff.
If you physically possess the phone, getting "wiped" doesn't matter. You can simply put stuff right back on it.

If you're not backing up, you're a fool.
If you think it's a problem that your employer doesn't have the right to wipe their property that you chose to put on your device, you're a fool.

The "I just removed my work email account" mentality doesn't make sense. What kind of stupid **** are you doing with your phone or work data that you're afraid of?
 

CTHarrryH

macrumors 68030
Jul 4, 2012
2,937
1,432
I'm not saying this happens in every case but in most there are probably agreements you were given at some time that gave the right to do things such as this. It could be when you joined the company in all the security and data rights stuff. No one ever reads that.

Personally, as said, I really don't have an issue with this. It isn't as if they do it randomly - hey, it is Friday, let's wipe 243 people's phones today. I don't want to be responsible for confidential information getting out to the public or to a hacker if my phone is stolen or lost.

Back up - then back up again, then back up.
 

Serelus

macrumors 6502a
Aug 11, 2009
673
132
Vm9pZA
Your Trade Unions can legally block someone from securing their information when someone else runs off with it?

That sounds backwards and broken. Such is law.

Never said that, it prevents the company from just deleting everything, without regard for the personal data that's stored on there, simply because they think it's the right thing to do. Both their data and mine should be taken into consideration, not just theirs. There's nothing broken about such a law.

So what's your plan?

Realistically, I don't see Microsoft removing the remote wipe option from Exchange just because you don't trust your company to use the option in a responsible manner.

I wasn't using the said Microsoft Service much in the first place, this only convinced me to use it even less. The problem is not that I think they will use it irresponsibly, I am sure they will.. but when it comes to my private data we're bound to disagree. When a conflict like this arises, I'd like to think my employer takes such a situation into consideration.
 

gotluck

macrumors 603
Dec 8, 2011
5,712
1,204
East Central Florida
I'm not sure that anything is going to change, I run IT and have the option to either wipe or unassociate devices. I have never used the wipe option other than for testing FWIW, even when employees leave. I don't see how it could be any other way... IT departments always want full control, just in case.

What you're asking for is akin to allowing a personal PC into company networks without adhering to domain policies (well, more of a hyperbole I suppose).

Outlook Web Access through Safari is the real answer here.
 

quickmac

macrumors 6502
Feb 22, 2011
272
14
I work as the Network Administrator for a Rural Health Clinic and it clearly states in our Electronics Usage Agreement that every employee signs that if your phone or other mobile device receives any work information, including emails, that the device is therefore subject to company viewing at any time even without prior notice or warning. It also explains that the device, if thought necessary, can be wiped in either part or whole due to potential sensitive materials being seen, used or saved onto your device. This is very widely used and implemented in corporate settings, especially within health care organizations.

This makes sense and seems standard. Especially considering many companies used to (and a few still do) issue company phones which meant they had IT linked to them at all times. Why should it change when employees want their personal phones for work? It's still an issue to company security. Especially in a field like yours.

In my field I cringe at how many people don't lock down their phones and computers. Many are self-employed or independent contractors dealing with sensitive health, insurance, and personal information. If you use your personal phone for work keep it locked down, ensure you know how to have it remotely wiped, and if your company requires it take advantage of that remote wiping capability because it'll cover your ass as well.
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,392
19,459
Right, this thread has made me delete both my work accounts off my phone. So I guess I'll never be checking my work emails again :cool:
You can try using Divide (http://www.divide.com/) or perhaps set up some sort of forwarding of (some) work email to another non-work address that you can then check (if that's allowed).

----------

Reading this thread: what the heck is wrong with some of you?

Yeah, your device can be wiped. That is how it was designed. This isn't new. This is a failsafe.

Remove your work account? What kind of idiotic place do you work at that you're afraid of people randomly erasing your device for no apparent reason? Do you think this is a common thing, to have your device randomly erased??

Also, have you not heard of backups? My work can wipe my phone all they want. I won't lose anything. This is also how it has been designed.

Look, if your phone is lost or stolen, you want it wiped so that no one can get to your stuff.
If you physically possess the phone, getting "wiped" doesn't matter. You can simply put stuff right back on it.

If you're not backing up, you're a fool.
If you think it's a problem that your employer doesn't have the right to wipe their property that you chose to put on your device, you're a fool.

The "I just removed my work email account" mentality doesn't make sense. What kind of stupid **** are you doing with your phone or work data that you're afraid of?
It seems the thread was originally focused more on why the phone wouldn't notify you that now certain additional remote controls and/or other policies were being added/enacted on your phone when you were adding an Exchange account with such policies--seems like it'd be fairly straightforward for the phone to let you know of that at least. As well as why wouldn't the work notify you of that either--which is more of an individual thing based on the job and the IT department and all that.

Beyond that it went into what happens if the employer wants to wipe it for one reason or another and all that. Which are also valid and relevant discussion points, but they are somewhat separate and more or less in addition to the other ones mentioned above/originally.
 

sulliweb

macrumors 6502
Mar 13, 2011
250
8
Yep, and it is at this point that I reiterate my previous two points.

1. Most businesses / IT Departments don't notify their users of this feature because they have no intention of using it, and apparently, some tech folks didn't even know it existed. I'm pretty sure you're fine.

2. If you're really worried, bake your IT guys cookies. It's a well-known fact that cookies keep all IT folks from randomly wiping devices. If you don't believe me, ask your IT staff, and I'm sure they would confirm my story. Well, a few oddballs have been rumored to want cake instead, but those cases were never independently confirmed. :D
 

Jumpie

macrumors 68020
Jul 7, 2008
2,007
1,618
Atlanta
gives them access to the rest of the phone.
false

I use my personal phone to access my work email and calendar through our Exchange Server
Your first mistake.

this apparently gives my IT Department the ability to completely wipe my iPhone remotely.
Correct, well known, publicized and documented.

Shouldn't iOS notify me that this is a possibility?
It's your account, with your credentials, you are specifically adding this service to your handset. You should know the terms.

what else can my employer see on my personal iPhone?
Nothing. Where did you get that idea?

Try http://www.divide.com/ to authenticate to Exchange for work. Then all they can wipe is the content of the app.

Actually, they can. My company uses AirWatch MDM. They can see what you do, erase your phone, etc. Corporate owned or personal.

https://itunes.apple.com/us/app/airwatch-mdm-agent/id338761996?mt=8
 

Shockwave78

macrumors 65816
Jul 10, 2010
1,082
60
I work for a government contractor and they won't use the built in email app for the company iphone email.


Anyway...unrelated somewhat but I have always wanted to know.

Can employers monitor the text messages on company iPhones if they are iMessages? I imagine if it's a standard text it may be somewhat easier to retrieve from Verizon or AT&T for them. I am not sure if they have stuff like this in the contracts with the carriers where it allows an employer to be able to retrieve text messages any easier than usual (other than going the law enforcement route)

Curious to know though
 

aristobrat

macrumors G5
Oct 14, 2005
12,292
1,403
Actually, they can. My company uses AirWatch MDM. They can see what you do, erase your phone, etc. Corporate owned or personal.
FWIW, here's a list from Apple showing everything that they allow MDMs (like AirWatch) to "see" on your device.

I guess it boils down to what specifically you mean by "they can see what you do".

To me, it seems like the only extra "seeing" ability a MDM adds is being able to see what apps are installed (and being able to prevent them from running). But they can't see your iMessages, personal emails, Notes, etc. They can't see what you're posting on MacRumors via Safari, or what you're doing in any app.

Querying Devices
In addition to configuration, an MDM server has the ability to query devices for a variety of information. This information can be used to ensure that devices continue to comply with required policies.

Supported queries

Device information
• Unique Device Identifier (UDID)
• Device name
• iOS and build version
• Model name and number
• Serial number
• Capacity and space available
• IMEI
• Modem firmware
• Battery level
• Supervision status

Network information
• ICCID
• Bluetooth® and Wi-Fi MAC addresses
• Current carrier network
• Subscriber carrier network
• Carrier settings version
• Phone number
• Data roaming setting (on/off)

Compliance and security information
• Configuration Profiles installed
• Certificates installed with expiry dates
• List all restrictions enforced
• Hardware encryption capability
• Passcode present

Applications
• Applications installed (app ID, name, version, size, and app data size)
• Provisioning Profiles installed with expiry dates
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,392
19,459
Yep, and it is at this point that I reiterate my previous two points.

1. Most businesses / IT Departments don't notify their users of this feature because they have no intention of using it, and apparently, some tech folks didn't even know it existed. I'm pretty sure you're fine.

2. If you're really worried, bake your IT guys cookies. It's a well-known fact that cookies keep all IT folks from randomly wiping devices. If you don't believe me, ask your IT staff, and I'm sure they would confirm my story. Well, a few oddballs have been rumored to want cake instead, but those cases were never independently confirmed. :D
I still wonder why with all the built-in usability into the iPhone that the phone (the OS) can't at least show you a notification when you are adding an account of such type where it would allow for some remote control of your phone (even if that control was never to be used). The phone seems to know of it, so why not show even a generic notice with a simple OK button at least to tell the user.
 

sim667

macrumors 65816
Dec 7, 2010
1,390
2,915
You can try using Divide (http://www.divide.com/) or perhaps set up some sort of forwarding of (some) work email to another non-work address that you can then check (if that's allowed).


That is definitely not allowed.:rolleyes:

TBF it gives me an excuse to check my work email as much, so I'm not that bothered.:D
 

aristobrat

macrumors G5
Oct 14, 2005
12,292
1,403
The phone seems to know of it, so why not show even a generic notice with a simple OK button at least to tell the user.
Agreed. I think someone mentioned earlier in this thread that Android gives users that notice.
 

watchthisspace

macrumors 6502a
Apr 11, 2010
642
55
It is based on policies as mentioned by another poster.

When you setup work email on your personal device like a phone or tablet, your phone agrees to the rules put in place on the mail server set forth by your IT dept.

I do the same thing here for our company. I have rules in place that give me the ability to wipe the phone. It is like this as not to be mean, but since your device has company information on it and if you lose it or someone steals it, the company doesn't want to be held liable for something that could get into the wrong hands, like someone's SS# or other personal info. So that is why security is in place on our mail server, which requires the user to have to enter in a PIN code and so forth. And along with the security rules comes remote wipe.

Now I do make my employees sign a waiver acknowledging this. And then their device is added to the list of approved devices on the server and then they can proceed with email on their phone or tablet.

Your IT dept should have notified you of what is at stake here. I do with every employee that requests email on their mobile device.

I have only had to remote wipe once due to a user quitting and going to a competitor and they tried to keep the phone and the phone number (like we wouldn't know), so I sent out the remote wipe command and was alerted that it was complete and then I had the number shut off. (this was a company phone).

But like I said, I alert all employees of this policy and make them sign a waiver, so they have nothing to gripe about if it ever did happen. And our employees simply cannot just enter in our work information on their mobile device to gain access to our email, the device has to be approved and their Device ID has to be entered into the system.

And most likely your employer cannot see anything on the phone, just that the phone is receiving company email.

Out of curiosity and maybe because I'm tired and not thinking right. But how do you actually remote wipe an employee's personal device? By bringing their personal device, do you also install software on the device to allow this functionality?

I understand with iCloud you can send a remote wipe, but you wouldn't be setting up an employee's personal phone for this.
 

aristobrat

macrumors G5
Oct 14, 2005
12,292
1,403
Out of curiosity and maybe because I'm tired and not thinking right. But how do you actually remote wipe an employee's personal device? By bringing their personal device, do you also install software on the device to allow this functionality?
The Exchange ActiveSync protocol allows a remote wipe.

When the employee adds their work Exchange account to their personal device, and the personal device registers with their employer's Exchange server, the device is then able to be remotely wiped by either the employee (if the employer allows that capability via Outlook Web Access) or the employer.

This isn't specific to iOS. I can't think of a device that can NOT be remote wiped if it uses Exchange ActiveSync. Android, Palm, Windows Phone, etc.
 

scaredpoet

macrumors 604
Apr 6, 2007
6,627
342
You know, if your work/university permits access to e-mails through IMAP, and calendars through CalDAV, then you don't have to worry about this, right? IMAP/CalDAV/CardDAV do not afford the ability to remote wipe a phone. Only Exchange ActiveSync does this.
 

MasterTick

macrumors 6502
Jun 22, 2009
325
0
Out of curiosity and maybe because I'm tired and not thinking right. But how do you actually remote wipe an employee's personal device? By bringing their personal device, do you also install software on the device to allow this functionality?

I understand with iCloud you can send a remote wipe, but you wouldn't be setting up an employee's personal phone for this.

When you connect it to your employer's Exchange server, you automatically grant remote wipe privileges to the server. No other software needs to be installed.
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,392
19,459
No, the employer can wipe the phone so it's just like it came from the box.

----------



When you connect it to your employer's Exchange server, you automatically grant remote wipe privileges to the server. No other software needs to be installed.
Unfortunately at least sometimes, if not often, without your knowledge of that--neither the phone (which can and should easily do it) nor your employer (who is also supposed to do it) might tell you about it, and that's kind of the crazy part of it all.

Not only that, but aside from being able to remotely wipe your phone, which they might never really do, they can and often do enforce other things through this: like certain passcode requirements, possible app restrictions, etc.
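
An added example (not part of any post in this thread, and not Apple's or Microsoft's code): a minimal Python reader for an Exchange ActiveSync Provision response that lists what the server asks the device to enforce, which is the kind of notice several posters wish the phone displayed. Element names follow Microsoft's published MS-ASPROV specification; the sample documents, the policy values and `ExampleFutureSetting` are constructed, and real traffic is WBXML-encoded rather than plain XML.

```python
import xml.etree.ElementTree as ET

# Constructed samples: XML renderings of Provision responses (WBXML on the wire).
# ExampleFutureSetting is hypothetical; it stands in for a setting this reader does not know.
SAMPLE_POLICY = """<Provision xmlns="Provision:">
  <Status>1</Status>
  <Policies><Policy>
    <PolicyType>MS-EAS-Provisioning-WBXML</PolicyType>
    <Status>1</Status>
    <PolicyKey>1307199584</PolicyKey>
    <Data><EASProvisionDoc>
      <DevicePasswordEnabled>1</DevicePasswordEnabled>
      <MinDevicePasswordLength>6</MinDevicePasswordLength>
      <MaxInactivityTimeDeviceLock>300</MaxInactivityTimeDeviceLock>
      <MaxDevicePasswordFailedAttempts>8</MaxDevicePasswordFailedAttempts>
      <AllowCamera>0</AllowCamera>
      <ExampleFutureSetting>1</ExampleFutureSetting>
    </EASProvisionDoc></Data>
  </Policy></Policies>
</Provision>"""
SAMPLE_WIPE = '<Provision xmlns="Provision:"><Status>1</Status><RemoteWipe/></Provision>'

# Plain-language wording for a few policy settings; None means "nothing enforced".
RULES = {
    "DevicePasswordEnabled": lambda v: "passcode required" if v == "1" else None,
    "MinDevicePasswordLength": lambda v: f"passcode at least {v} characters",
    "MaxInactivityTimeDeviceLock": lambda v: f"auto-lock after {v} seconds idle",
    "MaxDevicePasswordFailedAttempts":
        lambda v: f"local wipe or lockout after {v} failed passcode attempts",
    "AllowCamera": lambda v: "camera disabled" if v == "0" else None,
}

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on element names."""
    return tag.rsplit("}", 1)[-1]

def describe_provision(xml_text):
    """Summarise what a Provision response asks the device to do."""
    if "<!DOCTYPE" in xml_text.upper():
        # A server-supplied document has no need for a DTD; refuse entity tricks.
        raise ValueError("DTDs are not expected in a Provision document")
    notice = {"remote_wipe": False, "enforced": [], "unrecognized": []}
    for el in ET.fromstring(xml_text).iter():
        name = local(el.tag)
        if name == "RemoteWipe":
            # The server is directing the device to erase itself.
            notice["remote_wipe"] = True
        elif name == "EASProvisionDoc":
            for setting in el:
                key, value = local(setting.tag), (setting.text or "").strip()
                if key not in RULES:
                    # Surface unknown settings by name rather than hiding them.
                    notice["unrecognized"].append(key)
                elif (line := RULES[key](value)):
                    notice["enforced"].append(line)
    return notice

if __name__ == "__main__":
    for label, doc in (("policy", SAMPLE_POLICY), ("wipe", SAMPLE_WIPE)):
        result = describe_provision(doc)
        print(label, "-> remote wipe directive:", result["remote_wipe"])
        for line in result["enforced"] + result["unrecognized"]:
            print("   ", line)
```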
 

MasterTick

macrumors 6502
Jun 22, 2009
325
0
Unfortunately at least sometimes, if not often, without your knowledge of that--neither the phone (which can and should easily do it) nor your employer (who is also supposed to do it) might tell you about it, and that's kind of the crazy part of it all.

Not only that, but aside from being able to remotely wipe your phone, which they might never really do, they can and often do enforce other things through this: like certain passcode requirements, possible app restrictions, etc.

I totally agree, any company that lets users connect their personal devices to company resources should make them sign a release outlining exactly what they can do to your device.
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,392
19,459
I totally agree, any company that lets users connect their personal devices to company resources should make them sign a release outlining exactly what they can do to your device.
And the phone itself should really be able to surface some sort of notice about this kind of thing as well when it comes to adding accounts of this nature.
 

MasterTick

macrumors 6502
Jun 22, 2009
325
0
And the phone itself should really be able to surface some sort of notice about this kind of thing as well when it comes to adding accounts of this nature.

Another good point. I know Android does this when you connect to an Exchange server.
 

Beelzbub

macrumors 6502
Feb 6, 2012
425
187
That's why I am up front with my users about company policy and make them sign a document that they acknowledge it and it goes to HR and is put in their file.

I've only had to wipe 2 devices. The first one was a user who was let go who took the company phone with them and they thought they could keep the number, so I wiped the phone and called AT&T and had the number suspended and then had a new SIM sent to me with the number reprogrammed on it. The second a user had their phone stolen, so I sent the remote wipe command.

The option is meant to protect the integrity of the company in the event a device is lost or stolen that it contains company information on it. It's not meant to be mean to users, believe me there are some users I'd love to do this to to get even with them lol, but I won't do that, too much of a headache. It's a tool for the company to protect themselves in the event a device is lost or stolen. And IT should be upfront with their users about it, I am.
 

mzb

macrumors newbie
Jan 7, 2014
18
2
Problem solved with Divide app

Like the OP and others, I was shocked to discover that my IT department can wipe my whole phone. I do understand the need to be able to wipe company data from the phone, but in a BYOD world, I don't understand why they need the power to wipe my entire device. Yes, I back up daily, and no, my employer isn't insane (so far) so I don't expect this power to be abused. But that's not the point. The point to me is transparency and consent.

When I followed IT's instructions to access my work Exchange account on my iPhone, at no time was I alerted to the fact that this would give IT the power to wipe my personal iPhone nor was I asked if I consented to it. This fact may be so obvious to IT pros that it goes without saying, but it sure isn't to most ordinary users. Had I been asked to consent to this, I would have quickly hit the "hell, no" button.

Anyway, the main point of this post is to say that, following another poster's suggestion, I deleted the Exchange account from my iPhone, installed the Divide app and hooked that up to the Exchange account. It's a nicely-designed app that seems to solve the problem completely by creating a sort of sandbox where all the company data lives, completely separate from the rest of the iPhone.

Although Divide's documentation isn't completely explicit on this point, I confirmed with their support people that wiping the entire device is not possible via Divide. What gets registered with IT is just the app and its data, and that's all they (or you, the user) can wipe. (I'm not sure this is also true for Android devices as I think they give the app a lot more access to the OS.) You of course retain the ability to wipe your whole device via Apple's tools.
 