Corporate Spyware

metropolis_4

Rock Star
Messages
2,904
When does it go too far and become an invasion of privacy?

My company wants me to start using my personal phone for business email and such. But before I’m allowed to do that I have to sign an agreement and install their spyware that tracks everything on my personal device and gives them a back door where they have carte blanche to tunnel into it anytime they want and delete anything they choose, up to wiping my entire device. Without any notice.

The agreement says it is “not our intent” to collect personal data unrelated to work. Which I notice doesn’t actually say they won’t and sounds like legal speak for “we just collect everything”.

I told them what they could do with that agreement and if they are going to require this for my job I’ll expect them to provide a work phone for me.
 
When does it go too far and become an invasion of privacy?

My company wants me to start using my personal phone for business email and such. But before I’m allowed to do that I have to sign an agreement and install their spyware that tracks everything on my personal device and gives them a back door where they have carte blanche to tunnel into it anytime they want and delete anything they choose, up to wiping my entire device. Without any notice.

The agreement says it is “not our intent” to collect personal data unrelated to work. Which I notice doesn’t actually say they won’t and sounds like legal speak for “we just collect everything”.

I told them what they could do with that agreement and if they are going to require this for my job I’ll expect them to provide a work phone for me.

Remember, "sign an agreement" always equals "so you can sign your rights/freedoms away and we can legally cover our asses for doing so".

1. What country is this?
2. In most cases, time to get a new job, because that is straight-up tyranny, homie.
3. If in US, get Legal Shield (affordable attys) and have an attorney draft a SLL (Scary Lawyer Letter) to them.
4. Even if you do (3.), there's a chance they'll look at you as an upstart and boot you to the curb for no reason or any reason (if "right to work" state).
5. Help out others: post an anonymous review on Glassdoor.com letting others know this company's tyrannical policies.
 
Yeah, that ain't happening - most places give you a work phone before trying that crap these days.

I have one that only gets used for work, and rarely ever leaves my office desk. I do check it periodically but I don't sweat it.
 
I Dont Think So No Way GIF by FTX_Official
 
Oh hell no. Company needs to provide a device if they want a back door

Also I thought there was laws requiring some form of reimbursement if a company wants to make you use a personal cell phone for work purposes?
 
Make them provide you a corporate phone. Then, forward all calls from that phone to your personal phone. That way, you can ship the corporate phone to friends all over the country, and back again. Leave it on of course, for tracking.
 
My company wants me to start using my personal phone for business email and such.
Want, but can't force.

If carrying a phone is a necessary component of the job they need to either provide a stipend for that phone or a phone. You're not required to allow them to access your personal device.

Of course, if it's an at-will employment state, they're also not required to keep you on the payroll if they don't particularly feel like it.

So what you do here really depends on how much leverage you have and what you think the consequences will be.

FWIW, a lifetime in high tech, we've always just provided work phones if people were uncomfortable adding corporate management to their personal phone. Most people, in my experience, are fine with it because two phones is a PIA. We do try and be good about how that access is used.
 
It's also important to note what it is, precisely, that they're doing. For most of the companies I've worked for what's getting installed is a certificate that allows remote management and beyond that nothing else. The remote management is used in case the device is lost to trigger a lock and/or wipe of the device from Corp Sec or Corp IT. Given phones are used for a lot of corporate 2FA, that's important to be able to do.
 
It's also important to note what it is, precisely, that they're doing. For most of the companies I've worked for what's getting installed is a certificate that allows remote management and beyond that nothing else. The remote management is used in case the device is lost to trigger a lock and/or wipe of the device from Corp Sec or Corp IT. Given phones are used for a lot of corporate 2FA, that's important to be able to do.
Yes, but it shouldn't be asked to be implemented on a personal device.
 
Yeah they should never suggest that to anyone who works for them. Most people use banking apps on their personal device and having remote access from your company on there is not acceptable.

. I'll just echo everyone else and say they need to be providing you with a work phone if they want you to be contactable while you're mobile.
 
Even if they were paying my bill (which they should,) I’d tell them to sit and spin if they wanted any sort of configuration profile installed.
 
If reimbursement is on the table (which I think it technically is required) than I'd just add a cheaper phone to my plan to be used only for work and they could do whatever to that.
 
Back
Top