MDM admin here. I’m much more familiar with iOS, but newer versions of Android will completely sandbox work profiles from the personal side. Work stuff will be encrypted and the admins cannot access anything outside of that.
Yep. Work profile and apps are completely disparate, and it’s actually kind of tough to transfer any data across the boundary even if you wanted to. Any time I need to send a picture to my work Slack I have to remind myself to use the work profile camera app.
It’s the same tech that powers the Secure Folder thing in Android devices. My older S8 was on Android 8 or 9 and still had this functionality, so I’m not sure how old you’d have to go to have a less secure setup.
I don’t have an exhaustive understanding of how it works and limits data, but on my android, it essentially has two partitions, one for personal and one for work. They do not share data. In order to take and share a photo on my work Teams chat, it has to be taken either from within teams or with the camera app on the work partition. It cannot access my personal gallery. I have Teams on my personal partition from an old job that I still help out from time to time, and the same exact Teams app installed on my work partition. They are not connected in any way. The only thing that doesn’t require me to put in a pin to access on my work parition are the notifications.
Most of the limitations I experience from my side are in my own access to work resources. I can’t say with confidence that those same limitations go both ways. But it does seem like that is probably the case.
Within the Intune MDM space, a separate partition is created on the device that essentially isolates work apps/data from personal apps/data. I, as a sys admin, have control over the “work” space, but no control over the personal side of things.
We don’t have a very heavy handed approach to monitoring usage etc for mobile devices or even laptops and this has been the case with most of my previous jobs.
That said, I’m sure there are IT departments out there with a ton of staff and a big budget that can and will get quite granular with what you are doing on your devices (keylogging, etc)
How does Android protect against this?
Also can you have different profiles for this? Would that require two SIM slots? I don’t play around with profiles so I have no idea.
MDM admin here. I’m much more familiar with iOS, but newer versions of Android will completely sandbox work profiles from the personal side. Work stuff will be encrypted and the admins cannot access anything outside of that.
Surprised I had to scroll this far to find this!
Yep. Work profile and apps are completely disparate, and it’s actually kind of tough to transfer any data across the boundary even if you wanted to. Any time I need to send a picture to my work Slack I have to remind myself to use the work profile camera app.
It’s the same tech that powers the Secure Folder thing in Android devices. My older S8 was on Android 8 or 9 and still had this functionality, so I’m not sure how old you’d have to go to have a less secure setup.
I think this mastodon post is inaccurate.
I don’t have an exhaustive understanding of how it works and limits data, but on my android, it essentially has two partitions, one for personal and one for work. They do not share data. In order to take and share a photo on my work Teams chat, it has to be taken either from within teams or with the camera app on the work partition. It cannot access my personal gallery. I have Teams on my personal partition from an old job that I still help out from time to time, and the same exact Teams app installed on my work partition. They are not connected in any way. The only thing that doesn’t require me to put in a pin to access on my work parition are the notifications.
Most of the limitations I experience from my side are in my own access to work resources. I can’t say with confidence that those same limitations go both ways. But it does seem like that is probably the case.
Within the Intune MDM space, a separate partition is created on the device that essentially isolates work apps/data from personal apps/data. I, as a sys admin, have control over the “work” space, but no control over the personal side of things.
We don’t have a very heavy handed approach to monitoring usage etc for mobile devices or even laptops and this has been the case with most of my previous jobs.
That said, I’m sure there are IT departments out there with a ton of staff and a big budget that can and will get quite granular with what you are doing on your devices (keylogging, etc)