1. p01890's Avatar
    I have a company-owned Pixel phone with UEM client installed. It created a Work Profile and deployed policies. One of the policies listed in UEM allows obtaining my device location. Android permissions for UEM app show that UEM has permissions to obtain location anytime, and I cannot deny it (greyed the permissions). I can however disable “Location for Work Profile”, or disable the location for the entire phone.

    If I turn off Work Profile location or entire phone location services altogether in settings, does it 100% ensure UEM cannot read my location? Or is it possible that UEM can somehow have the “backdoor” to my GPS/WiFI/Celluar location data in Android even after I turned the location off? In other words, UEM being an admin type of app, and having me previously agree to the UEM policy to obtain location anytime, could Android allow admin apps like UEM to circumvent the disabled location setting in this case and still access the location?
    (UPDATE: I just noticed there is also UEM policy "Allow location requests in work profile to access Google Maps in personal profile". Could that be a backdoor I'm talking about, getting location from the Maps app even after I disabled work location profile?)

    I want to have a 100% guarantee my location will not be read by my company when I don’t want it to, but without powering off my phone completely.

    To keep this topic focused – this is not about the legalities and rationales. In a nutshell, I often have my company phone with me after hours, and I want to be able to use it but without my company tracking my location all the time. Also, there are reports about apps trying to determine location even after it’s disabled, based on other data such as time zone, barometer etc. I don’t want to talk about those non-standard use case. My question is only about the primary location parameters: GPS, WiFi, and Cellular, and I just want to know what is and isn’t possible in Android for admin apps like UEM.
    Last edited by p01890; 04-25-20 at 10:56 AM. Reason: clarifications
    04-25-20 12:42 AM
  2. brookie229's Avatar
    I've no idea if this would help but check this: https://f-droid.org/en/packages/com....ivatelocation/

    Probably not helpful due to UEM.
    04-25-20 09:11 AM
  3. Elephant_Canyon's Avatar
    I want to have a 100% guarantee my location will not be read by my company when I don’t want it to, but without powering off my phone completely.
    Powering off your phone is the only way to completely guarantee that your location can't be seen when you don't want it to be.
    04-25-20 12:42 PM
  4. p01890's Avatar
    Powering off your phone is the only way to completely guarantee that your location can't be seen when you don't want it to be.
    Fair enough, 100% was too strong of an ask, some risk always exists. I'm looking for people who have first-hand knowledge about this subject, either hands-on Blackberry admins, or Android developers, to tell me if UEM can report location back to the server even after I disable it in settings.
    04-25-20 08:55 PM
  5. p01890's Avatar
    I did not get any informative replies to my post, so I’m going to simplify my question and make it very brief one more time.

    The question would be for UEM/BES server administrators:

    I assume there is a function on the BES server side to locate a mobile phone. Have any of you ever tested it with a phone in which the Location setting was turned off in the phone settings? Can or cannot BES locate the phone in this case??
    06-15-20 02:14 PM
  6. Chuck Finley69's Avatar
    I did not get any informative replies to my post, so I’m going to simplify my question and make it very brief one more time.

    The question would be for UEM/BES server administrators:

    I assume there is a function on the BES server side to locate a mobile phone. Have any of you ever tested it with a phone in which the Location setting was turned off in the phone settings? Can or cannot BES locate the phone in this case??
    Any opinions @Rodney Wilder
    06-15-20 04:54 PM
  7. Chuck Finley69's Avatar
    I did not get any informative replies to my post, so I’m going to simplify my question and make it very brief one more time.

    The question would be for UEM/BES server administrators:

    I assume there is a function on the BES server side to locate a mobile phone. Have any of you ever tested it with a phone in which the Location setting was turned off in the phone settings? Can or cannot BES locate the phone in this case??
    Since device is company owned, I suspect that permissions can be enabled remotely from company side regardless of your wishes.
    06-15-20 04:57 PM
  8. p01890's Avatar
    Since device is company owned, I suspect that permissions can be enabled remotely from company side regardless of your wishes.
    I guess that’s possible. But wouldn't there be an explicit policy in the UEM client stating that? I don't see such a policy in the list on my device. Plus, if UEM could just enable the location anytime, why would they need other elaborate location policies, such as “Allow Work profile to obtain the Maps location from personal profile” (see my original post). It doesn’t add up. Anyway, seems like we are taking guesses again. I was hoping admins here could give me an answer based on the first-hand knowledge of what they have observed. I would think location tracking is one of the most common things they have to set up, but I’m not having much luck. here. I am wondering if this is even the right forum for me to post this question..?
    06-18-20 12:45 AM
  9. Dunt Dunt Dunt's Avatar
    My guess is if its a company owned phone and setup as such on their UEM, and thus the Work Policy active on the device is setup with Admin rights.... yes they can track their phone, even if you disable location services for yourself.


    This is becoming tricky with some countries enabling privacy laws that limit doing this... without making employees clearly aware of it. So most big companies have it outlined in the employee "handbook" you should have gotten and signed upon hiring or that might be updated from time to time.
    06-18-20 07:33 AM
  10. Chuck Finley69's Avatar
    I guess that’s possible. But wouldn't there be an explicit policy in the UEM client stating that? I don't see such a policy in the list on my device. Plus, if UEM could just enable the location anytime, why would they need other elaborate location policies, such as “Allow Work profile to obtain the Maps location from personal profile” (see my original post). It doesn’t add up. Anyway, seems like we are taking guesses again. I was hoping admins here could give me an answer based on the first-hand knowledge of what they have observed. I would think location tracking is one of the most common things they have to set up, but I’m not having much luck. here. I am wondering if this is even the right forum for me to post this question..?
    I queried someone very experienced right above my reply to you. Also, Dunt replied to you as well. I suppose that UEM administrators may avoid wanting to discuss or clearly answer your question.

    If you’re off the clock, why does your employer care about where you’re at? Let them see you leaving the strip club for the swingers club down the street...
    06-18-20 05:32 PM
  11. conite's Avatar
    I queried someone very experienced right above my reply to you. Also, Dunt replied to you as well. I suppose that UEM administrators may avoid wanting to discuss or clearly answer your question.

    If you’re off the clock, why does your employer care about where you’re at? Let them see you leaving the strip club for the swingers club down the street...
    A purely hypothetical situation, and not drawn from recent personal experience.
    06-18-20 06:47 PM
  12. Chuck Finley69's Avatar
    A purely hypothetical situation, and not drawn from recent personal experience.
    LMAO - who me? It’s not like I live in Tampa now.... wait, I do live here.....

    I choose to invoke my Fifth Amendment constitutional right.
    Laura Knotek likes this.
    06-18-20 09:28 PM
  13. p01890's Avatar
    I suppose that UEM administrators may avoid wanting to discuss or clearly answer your question.
    Yes, I get the sense admins are not sharing the knowledge. Although I wasn't asking about specific things companies may be doing, merely about typical UEM capabilities. I'm wondering if admins sign some non disclosure to stay away from any discussions on these topics. Which makes me think that things like location could be tracked anytime regardless of the client settings, and without even disclosing such actions to the users. And if it's technically could be done, you have to assume it is being done.

    I’m concluding, unless you are an experienced hands-on MDM administrator, or an Android OS expert who understands what is possible in the Android OS and MDM apps, for a user like me there is no telling on what is really going on behind the scenes with these apps. If it’s a company-owned phone, I’m pretty sure the companies can track and collect anything without being legally obligated to disclose it. But regardless if it’s your personal or company-owned phone, once you have UEM (or any other MDM for that matter) deployed on your phone, you have to assume you lost all control over what could be collected. So, you have to evaluate your personal risk of using MDM under these assumptions.

    Regardless, this was not the post about the policies or legalities, I only wanted to know what's technically possible/not possible with UEM on Android or iOS with regards to location. Interesting thread.
    06-25-20 12:54 AM
  14. Chuck Finley69's Avatar
    Regardless, this was not the post about the policies or legalities, I only wanted to know what's technically possible/not possible with UEM on Android or iOS with regards to location. Interesting thread.
    Well that’s an easy answer. Yes it’s possible and probable.

    All the other stuff just explains why they’re allowed to.
    06-25-20 06:50 AM

Similar Threads

  1. Huawei P40-can it be used with BB Hub?
    By Granehill in forum BlackBerry HUB+ Suite
    Replies: 30
    Last Post: 05-20-20, 03:16 AM
  2. Replies: 14
    Last Post: 04-30-20, 01:38 PM
  3. BBMe apk location in my KEYone.
    By qphone in forum BlackBerry KEYone
    Replies: 6
    Last Post: 04-30-20, 11:38 AM
  4. Can I connect and run my BB Bold 9650 using iPhone 11 Pro’s hot spot?
    By kDoLf hItLr in forum BlackBerry Bold Series
    Replies: 9
    Last Post: 04-29-20, 08:18 AM
  5. Replies: 4
    Last Post: 04-25-20, 10:13 PM
LINK TO POST COPIED TO CLIPBOARD