1. slapshotz's Avatar
    Hi. I apologize if i'm not allowed to post here, but my question is for BES administrators.

    I'm new to BB and don't understand how BES works. My question is, what does my IT administrator have access to on my BB when using BES?

    i'm not worried about appointments, email or contacts, but i was told they could also accesss personal email accounts, phone logs, all my text messages, and files like my ewallet passwords...basically anything i keep on my blackberry.

    Your help and advice is TRULY appreciated.
    02-11-09 01:28 PM
  2. Rh1noo's Avatar
    Hi Slapshotz,

    If your running on a 4.1 BES then phone call logging is switched on by default. If they decide to switch on SMS logging then full details of the SMS including the message content is recorded in the log.

    There is also location tracking but I haven't seen anyone using this in anger and I couldn't find a log file when I tested it. It may require an app on the device to report the location.

    As for application data I don't think that this is transfered to the BES in any way.

    They can also see the staus of the device from the BES. This will include an audit of what software and service books are on the device.
    02-11-09 04:35 PM
  3. slapshotz's Avatar
    Thanks Rh1noo. I must be far more concerned with privacy than a typical user since this sounds pretty unappealing. My supervisors are fine people, but I still would rather keep my personal email personal. I guess i might be stuck dealing with BIS.
    02-11-09 04:42 PM
  4. necr0tic's Avatar
    the sys admin knows all and sees all. and there's nothing you can do to stop us.
    02-12-09 01:39 PM
  5. gellmanb's Avatar
    Hi, I recognize that my company may lawfully log and copy everything on my BES-provisioned BB, and that recent BES versions have many CAPABILITIES for doing so. I'd like to ask my IT department to disclose what exactly IS BEING monitored or logged, by my company's policy. I'd like to ask a list of questions that make sense to a BES administrator -- e.g. I'd like to ask whether my personal emails, SMS texts, contents of PIM data (I sync only email wirelessly, but calendar contacts and tasks by USB to desktop), my location, etc, are monitored. I'd like to know whether the BES admin knows or could know my device password, which I set myself. Contents of microSD card?

    Would someone knowledgeable kindly give me a list of the things that are or can be monitored and logged, and perhaps the options available for each? I'd be most grateful.
    09-22-09 02:53 PM
  6. 32secret's Avatar
    Hi. I apologize if i'm not allowed to post here, but my question is for BES administrators.

    I'm new to BB and don't understand how BES works. My question is, what does my IT administrator have access to on my BB when using BES?

    i'm not worried about appointments, email or contacts, but i was told they could also accesss personal email accounts, phone logs, all my text messages, and files like my ewallet passwords...basically anything i keep on my blackberry.

    Your help and advice is TRULY appreciated.
    I don't understand how BES works either, so I have the same questions.

    Rh1n00 - When you said application data is not transferred, does that include BB Messenger, or is that treated like SMS message and the content can be captured and viewed? And what about files sent via BBM?

    Thanks!
    11-10-09 02:06 PM
  7. ifly4fun's Avatar
    I was going to type this all out, but found it conveniently outlined by Joolie at port3101..

    What syncs/is stored/is accessed by the BES includes:
    Corporate email
    Corporate calendar
    Corporate PIM data (address book, memo pad, tasks)
    Browser bookmarks
    Browser site history (via the BlackBerry Browser)
    Password Keeper data (although this cannot be accessed in any way, even when restored to another device, without the PK password)
    PIN messaging data (including the actual message sent/received); logging turned off by default
    Phone call data (date/time of call, number called/received, length of call); logging turned on by default
    Text message data (including the actual verbage of the text message); logging turned off by default
    Blackberry Messenger data (this one is extremely klunky to get and I don't know a single BES Admin that turns this one on)
    All applications installed on the device (games, stock apps, etc.)
    OS version installed on the device (so we'll know if you upgraded to a beta OS!)
    In addition anything that is a part of automatic wireless backup could *technically* be viewed by performing a restore to a new device.

    What a BES Admin can't see:
    BIS email messages (I *might* be able to see what service books you have, but cannot read the messages)
    Browser site history (via internet/WAP Browser)
    3rd party IM messages (Yahoo!, MSN, etc), although I can see which of these applications you have installed.
    BlackBerry Messenger contact names/PINs


    Keep in mind that as a bes admin, they likely have access to an exchange account that has access to all exchange mailboxes, so they have access to all corporate email - but this isn't through BES but rather Exchange.

    BesAdmin's do NOT have access to BIS (Personal) email accounts that may be configured on a BES attached device.

    By Default SMS/PIN messages are not logged, but can be turned on without the end users knowledge.
    11-11-09 07:16 PM
  8. georgecostanza's Avatar
    great info above, thanks!

    one question - can BES admins see data that is transferred via BBM? for example, if someone sends me a picture, can the BES admin see the picture?
    03-13-10 08:21 AM
  9. dynot's Avatar
    What about video and picture files? Can either the content or file names be seen?
    03-13-10 09:09 PM
  10. murialita's Avatar
    Questions like these always make me wonder just what people are putting on their BES connected Berrys. Is this your personal phone, or is it a company supplied one? I can see privacy concerns on personal phones, but company phones are supplied by the company for work, not play. The safest way to make sure your data cannot be seen is to not have it on there in the first place.

    That being said, I personly have not seen any options to view stored files from the server. Of course, that wouldn't stop me from changing your password and not tell you what it is unless I first inspect the phone. There would have to be some major concern by management to make me do this, but it is possible. There's also the case that just happened recently where one of our BlackBerry users got fired suddenly. Due to the nature of it, all his passwords were immediately changed, accounts disabled, etc. Before a wipe could be done, our lawyer had to go through the files and such to make sure there was no company data that needed to be transfered to the new user. At that point, we had complete access to 6 of his personal emails, personal files, personal messenger contacts, and personal applications. Granted, I didn't go in to anything, and after making sure the company data was safe I actually wiped the phone and reinstalled the operating system, but some admins may not be the most honest people.


    Most of the time, admins could really care less about what you put on your Berry, and really don't have time to monitor what you do. But if you do things to stand out, like get caught doing something wrong, make someone suspicious of you, or start asking lots of questions like these, you can become a target.
    03-15-10 11:14 AM
  11. bbwitch's Avatar
    I think people are more concerned about what Admins can see from the server, but I am always amazed by the amount of people who will hand over their corporate device for some minor problem to be resolved and leave personal racy text messages....People need to be more conscious of what they're doing in the first place. If you don't want us to view it on the server, don't hand it to us on the device!
    03-26-10 02:24 PM
LINK TO POST COPIED TO CLIPBOARD