Prevent your company from remote wiping your Android phone
NPR recently ran a story called "Wipeout: When Your Company Kills Your iPhone", in which an unlucky victim had her iPhone erased by mistake. This was possible because she had an application that allowed her to sync with a Microsoft Exchange Server. Even though this was her own personal phone, an Exchange admin was able to wipe out her data.
The moment you let your company's Exchange server sync with your personal phone, all bets are off. Keep in mind that data is not yours just because a copy resides on your device.

In the NPR situation, if you have an iPhone or equivalent ‘closed’ device you may be out of luck. Your employer could also accidentally the whole thing to you too. But if you have an Android phone, you will find that you can retain control on an app-by-app basis.
On the Android phone that I’ve tested, it syncs to an Exchange server for an email account but it does not automatically get full access. It will request it, but as long as I never allow it, it can’t do squat. And I won’t let it get more access because it doesn’t need any. I can send and receive emails. That’s all I want it to do.
“But what do I have to do to enable such limitations?” you say. Nothing at all.
When you see a list of requested controls a mile long, don’t just click install and continue. Take the time to contact the developer, or at the least, search for more information before clicking. In any case, it’s best to keep backups of your data, limit access controls, and be mindful anytime you install or update an application. A layered approach is always a good thing.
With all applications you may think of installing on your phone, be wary of the access controls requested. This doesn’t apply to just email and social apps either. A simple toy app that does very little, such as displaying a fancy screen or rotating wallpapers, shouldn’t need access to your phone contacts and full internet access.
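As an added example (not part of the original article), the check described above can be scripted: list what an app requests, compare it with what its function plausibly needs, and flag device-administrator policies that permit a wipe. The sample text is constructed in the style of `aapt dump permissions` and `aapt dump xmltree` output; the package name and the expected-permission set are assumptions.

```python
import re

# Device-admin policies that let the administering app erase or lock the phone.
DESTRUCTIVE_POLICIES = {"wipe-data", "force-lock", "reset-password"}

# Accepts both "uses-permission: name='X'" and the older "uses-permission: X".
PERM_RE = re.compile(r"uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")
# Element lines in an xmltree dump look like "E: wipe-data (line=6)".
POLICY_RE = re.compile(r"E:\s*([\w-]+)")

def requested_permissions(perm_dump):
    """Return the sorted, de-duplicated permissions named in the dump."""
    return sorted(set(PERM_RE.findall(perm_dump)))

def admin_policies(xmltree_dump):
    """Return policy tags from a device-admin XML dump, in document order."""
    tags = POLICY_RE.findall(xmltree_dump)
    return [t for t in tags if t not in ("device-admin", "uses-policies")]

def audit(perm_dump, expected, xmltree_dump=""):
    """Flag permissions outside `expected` and any destructive admin policy."""
    perms = requested_permissions(perm_dump)
    policies = admin_policies(xmltree_dump)
    return {
        "unexpected_permissions": [p for p in perms if p not in expected],
        "destructive_policies": [p for p in policies if p in DESTRUCTIVE_POLICIES],
    }

# Constructed sample: a wallpaper app asking for more than it needs.
WALLPAPER_PERMS = """package: com.example.wallpaper
uses-permission: name='android.permission.SET_WALLPAPER'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.INTERNET'
"""

# Constructed sample: device-admin policy file of a mail client.
MAIL_ADMIN_XML = """E: device-admin (line=2)
  E: uses-policies (line=3)
    E: limit-password (line=4)
    E: force-lock (line=5)
    E: wipe-data (line=6)
"""

if __name__ == "__main__":
    print(audit(WALLPAPER_PERMS, {"android.permission.SET_WALLPAPER"}))
    print(audit("", set(), MAIL_ADMIN_XML))
```

A `wipe-data` entry in the second result means that, once device-administrator access is granted, the app can carry out a remote wipe.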
I realize this is a dated article, but since it is top ranked in Google search, I would like to clarify one thing. The problem is you usually do not have control over this. If you want to use Exchange and your company’s Exchange server is configured correctly and securely, the Exchange server will not allow you to receive/send email from the account until you’ve allowed it the admin access it has requested. So you use it with the understanding your data could be wiped, or do not use it at all (so this is not so different from the iPhone or BlackBerry). This makes sense, because what’s the point of having remote wipe security if its use is controlled by the device user and not the server administrator?
Good point about permissions though; you need to watch out for what apps request. Applications like Lookout are excellent for this; they detect apps that can read your otherwise private data. I use Lookout regularly to make sure my apps behave as I expect.