this post was submitted on 22 Jan 2024
659 points (94.6% liked)
People Twitter
7271 readers
1171 users here now
People tweeting stuff. We allow tweets from anyone.
RULES:
- Mark NSFW content.
- No doxxing people.
- Must be a pic of the tweet or similar. No direct links to the tweet.
- No bullying or international politcs
- Be excellent to each other.
- Provide an archived link to the tweet (or similar) being shown if it's a major figure or a politician.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
... actually they aren't wrong. MDMs are given special permissions including but not limited to reading your SMSes and phone records, restricting and monitoring your installed apps and even wiping your device.
I’m not sure what MDM you’re subjected to but I’ve been an MDM engineer for 7 years using Intune and JAMF and no, no SMS or phone records. Even the phone # is blanked out minus the last 4 digits. Yes we can wipe the devices if it’s lost\compromised but personal versus corporate owned devices are limited. I can’t see what apps you have that were personally installed. And the only info I can get are the device stats (SN, IMEI, storage, battery, memory, etc).
Intune and JAMF are not the only MDMs on the market. There are others that do offer these capabilities, at least on Android.
SMS reading:
https://support.sophos.com/support/s/article/KB-000034436?language=en_US
Call log reading:
https://knowledgebase.42gears.com/article/how-to-view-call-logs-on-android-phones-remotely-using-suremdm/
And app lists:
https://help.ivanti.com/mi/help/en_us/cld/admin/ivanti/91/all/en-us/App_Inventory.htm
Yeah I have looked at those solutions and one not on your list (MobileIron, not sure if they’re still around). I don’t know why anyone would choose those solutions but good call.
I also don't know why anyone would use these either FWIW
SMS reading:
https://support.sophos.com/support/s/article/KB-000034436?language=en_US
Call log reading:
https://knowledgebase.42gears.com/article/how-to-view-call-logs-on-android-phones-remotely-using-suremdm/
app lists:
https://help.ivanti.com/mi/help/en_us/cld/admin/ivanti/91/all/en-us/App_Inventory.htm
From the link, emphasis mine. SMC is the MDM in question
2. Read all SMS for Backup.
...why would they need to backup all SMS messages for a filtering option? That just plain does not compute.
Please cite any one of your sources. I've managed MDM for over a decade and you're spreading misinformation.
Absolutely none of the MDM products on the market allow for the reading of personal e-mail, SMS, phone records, etc. On the contrary, almost every single one provides an information screen during the enrollment that makes it abundantly clear that they do not (and can not) access that data. Moreover, the "wipe" of data is the removal of company data. It doesn't wipe your phone, it just removes the work profile (Android) or deprovisions the work profile and associated apps (Apple). All of your non-work-related data is untouched.
Quick Sources for Intune and JAMF -- do your own googling for others:
https://learn.microsoft.com/en-us/mem/intune/protect/privacy-data-collect
https://www.jamf.com/blog/apple-mobile-device-management-faq/
So you're not aware of Sophos's MDM offering? That explicitly states they can make copies of all SMS messages?
https://support.sophos.com/support/s/article/KB-000034436?language=en_US
How about call logs, with SureMDM?
https://knowledgebase.42gears.com/article/how-to-view-call-logs-on-android-phones-remotely-using-suremdm/
Also I said nothing about personal emails.
No, the 'wipe' can be a full factory reset.
https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe
Edit: typo