MDM breaches user privacy in many ways that are often unknown to employees and even to business organizations themselves.
MDM (mobile device management) is a mobile security tool intended to stop data leakage inside business organizations that employ ‘Bring Your Own Device’ (BYOD) policies. MDM usually includes an agent that is installed on user devices.
Once the agent is set up, important security functions like password protection, remote data wiping, and rejecting risky WLAN networks can all be implemented from a centralized admin interface. Companies frequently view MDM as a comprehensive security solution to many of the problems associated with BYOD.
MDM solutions might help companies stop data breaches, but they also raise important questions about employee privacy. Many MDM tools allow employers to track all device activity at any given time, including personal calls and web traffic.
Additionally, MDM can enable IT teams to lock devices, monitor employee locations via GPS, and erase data from laptops, tablets, and phones.
When companies allow BYOD, their employees can use their personal devices to access data that might be used for work tasks. Generally, companies want to safeguard these endpoints with security solutions such as MDM. However, access to data is a double-edged sword with MDM, because IT teams are given access to employees' devices. As a result, there is a growing reluctance among employees to let companies install MDM on their personal devices.
When companies compel employees to install MDM on their personal devices despite their reservations or opposition, it inevitably leads to ‘shadow IT’: the unauthorized tools and applications that employees use in place of the authorized options allowed by MDM. This practice leaves the company without visibility into or control over its data, and shows the need for a security solution other than MDM, one that protects employee privacy while also protecting business data.
When MDM is deployed to examine traffic for malware, it allows companies to view the contents of employees’ personal email inboxes, social media accounts and banking information. In particular, the usernames and passwords used to log in to sensitive accounts, including personal banking accounts, are transmitted in plain text through corporate networks. The MDM also provides visibility into users' downloads and browsing history, which might expose sensitive information.
Third-party apps are also vulnerable to packet sniffing. Even on iOS, where some people believe that app sandboxing curbs employer visibility into user behaviour, companies can check personal communications sent through apps including Gmail and Messenger.
MDM solutions can force GPS to stay active in the background without the user being notified and track the locations of managed devices in real time, draining battery power in the process. Location data also exposes users' habits, including the places employees go after work and on weekends.
BYOD is not going away in the near future, so companies need to take a serious look at how MDM deployment and employee privacy can coexist. Unless the MDM specifications are changed to block privacy-invading techniques at the lowest level, employees will never be able to trust an MDM deployed on their mobile phones.