Can I really deny UEM my location data?
- I have a company-owned Pixel phone with UEM client installed. It created a Work Profile and deployed policies. One of the policies listed in UEM allows obtaining my device location. Android permissions for UEM app show that UEM has permissions to obtain location anytime, and I cannot deny it (greyed the permissions). I can however disable “Location for Work Profile”, or disable the location for the entire phone.
If I turn off Work Profile location or entire phone location services altogether in settings, does it 100% ensure UEM cannot read my location? Or is it possible that UEM can somehow have the “backdoor” to my GPS/WiFI/Celluar location data in Android even after I turned the location off? In other words, UEM being an admin type of app, and having me previously agree to the UEM policy to obtain location anytime, could Android allow admin apps like UEM to circumvent the disabled location setting in this case and still access the location?
(UPDATE: I just noticed there is also UEM policy "Allow location requests in work profile to access Google Maps in personal profile". Could that be a backdoor I'm talking about, getting location from the Maps app even after I disabled work location profile?)
I want to have a 100% guarantee my location will not be read by my company when I don’t want it to, but without powering off my phone completely.
To keep this topic focused – this is not about the legalities and rationales. In a nutshell, I often have my company phone with me after hours, and I want to be able to use it but without my company tracking my location all the time. Also, there are reports about apps trying to determine location even after it’s disabled, based on other data such as time zone, barometer etc. I don’t want to talk about those non-standard use case. My question is only about the primary location parameters: GPS, WiFi, and Cellular, and I just want to know what is and isn’t possible in Android for admin apps like UEM.Last edited by p01890; 04-25-20 at 10:56 AM. Reason: clarifications
04-25-20 12:42 AMLike 0 - I've no idea if this would help but check this: https://f-droid.org/en/packages/com....ivatelocation/
Probably not helpful due to UEM.04-25-20 09:11 AMLike 0 - Powering off your phone is the only way to completely guarantee that your location can't be seen when you don't want it to be.04-25-20 12:42 PMLike 0
- Fair enough, 100% was too strong of an ask, some risk always exists. I'm looking for people who have first-hand knowledge about this subject, either hands-on Blackberry admins, or Android developers, to tell me if UEM can report location back to the server even after I disable it in settings.04-25-20 08:55 PMLike 0
- I did not get any informative replies to my post, so I’m going to simplify my question and make it very brief one more time.
The question would be for UEM/BES server administrators:
I assume there is a function on the BES server side to locate a mobile phone. Have any of you ever tested it with a phone in which the Location setting was turned off in the phone settings? Can or cannot BES locate the phone in this case??06-15-20 02:14 PMLike 0 - I did not get any informative replies to my post, so I’m going to simplify my question and make it very brief one more time.
The question would be for UEM/BES server administrators:
I assume there is a function on the BES server side to locate a mobile phone. Have any of you ever tested it with a phone in which the Location setting was turned off in the phone settings? Can or cannot BES locate the phone in this case??06-15-20 04:54 PMLike 0 - I did not get any informative replies to my post, so I’m going to simplify my question and make it very brief one more time.
The question would be for UEM/BES server administrators:
I assume there is a function on the BES server side to locate a mobile phone. Have any of you ever tested it with a phone in which the Location setting was turned off in the phone settings? Can or cannot BES locate the phone in this case??06-15-20 04:57 PMLike 0 - I guess that’s possible. But wouldn't there be an explicit policy in the UEM client stating that? I don't see such a policy in the list on my device. Plus, if UEM could just enable the location anytime, why would they need other elaborate location policies, such as “Allow Work profile to obtain the Maps location from personal profile” (see my original post). It doesn’t add up. Anyway, seems like we are taking guesses again. I was hoping admins here could give me an answer based on the first-hand knowledge of what they have observed. I would think location tracking is one of the most common things they have to set up, but I’m not having much luck. here. I am wondering if this is even the right forum for me to post this question..?06-18-20 12:45 AMLike 0
- My guess is if its a company owned phone and setup as such on their UEM, and thus the Work Policy active on the device is setup with Admin rights.... yes they can track their phone, even if you disable location services for yourself.
This is becoming tricky with some countries enabling privacy laws that limit doing this... without making employees clearly aware of it. So most big companies have it outlined in the employee "handbook" you should have gotten and signed upon hiring or that might be updated from time to time.06-18-20 07:33 AMLike 0 - I guess that’s possible. But wouldn't there be an explicit policy in the UEM client stating that? I don't see such a policy in the list on my device. Plus, if UEM could just enable the location anytime, why would they need other elaborate location policies, such as “Allow Work profile to obtain the Maps location from personal profile” (see my original post). It doesn’t add up. Anyway, seems like we are taking guesses again. I was hoping admins here could give me an answer based on the first-hand knowledge of what they have observed. I would think location tracking is one of the most common things they have to set up, but I’m not having much luck. here. I am wondering if this is even the right forum for me to post this question..?
If you’re off the clock, why does your employer care about where you’re at? Let them see you leaving the strip club for the swingers club down the street...06-18-20 05:32 PMLike 0 - I queried someone very experienced right above my reply to you. Also, Dunt replied to you as well. I suppose that UEM administrators may avoid wanting to discuss or clearly answer your question.
If you’re off the clock, why does your employer care about where you’re at? Let them see you leaving the strip club for the swingers club down the street...06-18-20 06:47 PMLike 0 -
I choose to invoke my Fifth Amendment constitutional right.Laura Knotek likes this.06-18-20 09:28 PMLike 1 -
I’m concluding, unless you are an experienced hands-on MDM administrator, or an Android OS expert who understands what is possible in the Android OS and MDM apps, for a user like me there is no telling on what is really going on behind the scenes with these apps. If it’s a company-owned phone, I’m pretty sure the companies can track and collect anything without being legally obligated to disclose it. But regardless if it’s your personal or company-owned phone, once you have UEM (or any other MDM for that matter) deployed on your phone, you have to assume you lost all control over what could be collected. So, you have to evaluate your personal risk of using MDM under these assumptions.
Regardless, this was not the post about the policies or legalities, I only wanted to know what's technically possible/not possible with UEM on Android or iOS with regards to location. Interesting thread.06-25-20 12:54 AMLike 0 -
All the other stuff just explains why they’re allowed to.06-25-20 06:50 AMLike 0
- Forum
- Enterprise
- BlackBerry Secure UEM & Productivity Suites
Can I really deny UEM my location data?
Similar Threads
-
Huawei P40-can it be used with BB Hub?
By Granehill in forum BlackBerry HUB+ SuiteReplies: 30Last Post: 05-20-20, 03:16 AM -
Can I use my BlackBerry Key2 for next four years without lag?!
By rs2505 in forum BlackBerry KEY2Replies: 14Last Post: 04-30-20, 01:38 PM -
BBMe apk location in my KEYone.
By qphone in forum BlackBerry KEYoneReplies: 6Last Post: 04-30-20, 11:38 AM -
Can I connect and run my BB Bold 9650 using iPhone 11 Pro’s hot spot?
By kDoLf hItLr in forum BlackBerry Bold SeriesReplies: 9Last Post: 04-29-20, 08:18 AM -
From PRIV to KEY2, some questions about my personal usage.
By Enlokan in forum Ask a QuestionReplies: 4Last Post: 04-25-20, 10:13 PM
LINK TO POST COPIED TO CLIPBOARD