Google Administration Interface / Google Apps Device - can it track me?

[TeeJay]

So the company email and admin software is isolated inside Knox. Alternately isolate your personal browsing and banking inside Knox. Either way you can't even cut and paste between the main Android apps and the Knox apps, they are completely separate.

They say this but it is not true
I helped someone with a locked device copy a whole bunch of stuff before she quit

Oh and also, Knox has already been hacked
In OPs case it is his own device, so it is quite simple to root the phone and do what you want to

 

[TeeJay]

So is this little app just really spyware allowing my nosy little IT guy to snoop into my phone?

Oh it does all kinds of stuff I am sure you won't like
Here is Googles description
https://support.google.com/a/answer/1734200

 

[mmouse]

Wow a bit o paranoia going on here. Tee jay's link tells you exactly what they can see and do. Viewing your location is not possible. They could do it by changing your password and logging in as you. But then you would know your password was changed. If you're still scared about that, turn off location history on your phone.

Or I guess you can just live in fear and believe everyone's out to get you.

 

[james t kirk]

^^^ I'm not particularly worried about location.

I am concerned about personal emails, phone records, personal texts, personal photos, internet surfing (what sites and when).

I don't think a company should have the right to keep tabs on you whether you like it or not. It's a little too "big brother is watching". They get me for 50 to 60 hours a week, day or night, weekends and holidays if needed. They don't get me 24/7 with the right to judge.

 

[james t kirk]

Oh it does all kinds of stuff I am sure you won't like
Here is Googles description
https://support.google.com/a/answer/1734200

Yes, I saw that yesterday and it confirmed my suspicions.

It is an insidious little app isn't it.

And why I simply am not going to install it.

Now does anyone know how to clear the little reminder to install the app?

 

[mmouse]

Yup, remove the corporate Google account from your phone. If you want to log in to your company shit from your phone, you got to install the app - it's that simple.

 

[TeeJay]

Wow a bit o paranoia going on here. Tee jay's link tells you exactly what they can see and do. Viewing your location is not possible. If you're still scared about that, turn off location history on your phone.

Did you read the link I posted?
They can enable location and lock your ability out to disable it
Among other things

It all depends on how benign his IT guy is
They can restrict a whole lot of stuff

 

[mmouse]

I'm guessing you mean this:

Use app management to restrict users from using a file manager to install apps or share their location in an app.

This does not say they can see your location. It means they can restrict the ability of your apps to share location. Note "restrict" does not mean they can see it in the first place, cos they can't.

If you saw something else please post it, otherwise stop spreading misinformed paranoid bullshit.

 

[fuji]

They say this but it is not true
I helped someone with a locked device copy a whole bunch of stuff before she quit

Oh and also, Knox has already been hacked
In OPs case it is his own device, so it is quite simple to root the phone and do what you want to

Earlier versions of Knox weren't very secure (stored pin in plaintext) and could be hacked if you rooted the device but on the S7 it's been made much better with some elements running in hardware. Modern version use hardware to decrypt the PIN and have an "e fuse" that permanently disabled the ability to access Knox on the device if it's ever rooted or has a non Samsung boot loader installed. You won't be able to access it at all after rooting.

But you missed the point. The point isn't whether YOU could hack it with root on your phone. The point is the company monitoring software is isolated from YOUR data. And if they execute a wipe of your phone is just the Knox partition with their data that gets wiped.

I actually do the reverse and put my personal stuff in Knox. Specifically because I care more about keeping my banking secure than the company email. To get into my phone and read company email you just need a fingerprint, which can be spoofed. But to get to my banking you need to launch Knox which requires a PIN to decrypt the data. Also when I cross the border I delete Knox entirely leaving only work related material on the phone.

Nothing is perfectly secure but for me that hits the right balance between convenience (fingerprint access to work email and calendar, music, and map) and security (additional PIN to get to browser, banking, personal email inside Knox).

The way I did it it does mean the company could wipe my whole phone but I have nothing I can't rebuild there so I'm ok with that and if I lose my phone likely glad of it.

 

[lurkerdick]

if the company reimburses you for mobile invoices... it's their phone and yes you can be tracked down to the toilet ...just turn it off a block or two before entering the honey pot :tea:

 

[SchlongConery]

if the company reimburses you for mobile invoices... it's their phone and yes you can be tracked down to the toilet ...just turn it off a block or two before entering the honey pot :tea:

No it is not their phone unless they purchased it and then provided it to their employee.

 

[explorerzip]

More reason not to mix personal and business stuff on the same device. Getting the company to buy you a business only phone would be a good start, though you'd be carrying 2 devices at all times. Another way to mitigate your exposure is to use Incognito mode in your browser (I assume Chrome on Android.) Technically speaking, the company can track so many things like location, visited web-sites, etc once that Google Device Management app is on your phone. That's the reason it exists.

 

[james t kirk]

if the company reimburses you for mobile invoices... it's their phone and yes you can be tracked down to the toilet ...just turn it off a block or two before entering the honey pot :tea:

My name is on the contract friend. End of story.

When I was hired, the reimbursement of the cost of the phone was agreed upon as part of my job offer.

If I get fired they simply stop paying for it and I'm on the hook for the contract.

 

[james t kirk]

Problem is solved.

I spoke to IT guy and told him it was my personal phone and to please remove the spy-ware.

And he did exactly that.

Hopefully that is the end of the story.

Interestingly enough, if I still had my old BlackBerry z10, the spy-ware would have been useless. (A guy I work with still has a BlackBerry Z30 and it's immune to the evils of google.)

And I used to have a personal phone (Apple 6s) and it died a very premature death so I just got rid f the whole 2 phone set up as it didn't seem logical. Maybe it was.