Google Administration Interface / Google Apps Device - can it track me?

james t kirk · Feb 20, 2017

Our IT dude just sent out a link to all employees telling us that we must install "Google Device Management App" on our mobile phones.

(We use the google cloud system for our network / email, etc.)

My question is, how insidious is this little seemingly harmless app? IT guy says that it just allows them to "better track the company's equipment". IT guy says it also allows them to delete the contents of the phone should it be lost.

Immediately the alarm bells went off. I don't like being tracked by anyone ever. (I realize that google is already like this, but this friendly app would seem to only make it worse.)

Some further info....

My phone is my own. It's in my name, I pay the bill, though the company does reimburse me for my cell phone bill. I have personal photos on there, personal texts, my own email, etc. If I surf TERB on it, I switch to firefox so as not leave a google history trail.

The cell phone is password protected. If you try to guess my access code and fail after 10 tries, it deletes the entire contents of the phone.

So is this little app just really spyware allowing my nosy little IT guy to snoop into my phone?

doggee_01 · Feb 20, 2017

if its your phone tell them to fuck off!. now if they want it on then they can provide you with a phone. now they may stop reimbursing you for the phone then tell them you don't have one for business!

james t kirk · Feb 20, 2017

doggee_01 said:
if its your phone tell them to fuck off!. now if they want it on then they can provide you with a phone. now they may stop reimbursing you for the phone then tell them you don't have one for business!

Hundreds of our clients have my cell number to contact me.

Giving me a new number would not be in their interest and me continuing to use it for business purposes without reimbursement won't happen.

SchlongConery · Feb 20, 2017

Here is some info from 2014

https://productforums.google.com/forum/#!topic/apps/C238DuJsmcU

mmouse · Feb 21, 2017

The main point of it is to make sure you have a lock screen password so that someone can't read your company shit if your phone is lost or stolen. They can also remotely wipe it when that happens. But they can't track your location.

oldjones · Feb 21, 2017

james t kirk said:
Hundreds of our clients have my cell number to contact me.

Giving me a new number would not be in their interest and me continuing to use it for business purposes without reimbursement won't happen.

Look what opting for convenience and not separating business from personal did for Hillary's career prospects.

People used to cope with new phone numbers all the time, and still can. The businesses that now claim they 'must' piggyback on your phone plan used to buy and maintain bushels of cell phones their employees couldn't buy for themselves. They can still dig up that level of competence if the need arises, although the convenience of one phone for two purposes suits everyone. Until things change and it doesn't suit anymore.

If this is BulletBiting Day, you could offer your phone and number to the company and transfer ownership entirely, while you do a new deal for your private phone. Or you could try to get them to do the new deal, new phone thing while you keep the old. Either way, the same old methods to let our contacts know about new numbers are still available: Tell them when they call, inform them by other means, although we now have many more tools than receptionists and postcards (many of them automated) to get that job done. Wiping the contact info we didn't want to share was a whole lot easier in the olden days though, back when ashtrays were everywhere.

Good luck. Remember Hillary.

james t kirk · Feb 21, 2017

mmouse said:
The main point of it is to make sure you have a lock screen password so that someone can't read your company shit if your phone is lost or stolen. They can also remotely wipe it when that happens. But they can't track your location.

I have a screen lock and a password.

I don't like giving the IT guy we have any access to my phone. Not ever. It is also my personal phone and Christ only knows what he can or can't root around for and find. I have personal information in the form of contacts, emails, texts, photos as well as overall usage of the data. I simply don't see the need for him to have access to my phone. (He's definitely the hacker kind of IT guy shall we say.)

If I was to quit for any reason, since my work email is a corporate ID that he administers, he could flick a switch and I'm 100% out of the network. Of that I'm sure and I'm ok with that.

I did a little reading on line and there is conflicting information out there.

So I was figuring to simply set up a new personal gmail account, then add that new account to my phone. By doing so, then I could add the feature to the personal gmail account (which I don't need to use.) Then if the phone gets lost, me and only me could either trace the phone, or wipe it if I can see that it's gone genuinely missing.

Butler1000 · Feb 21, 2017

Time to get a hobby phone. That's the simplest solution. Cheap pay as you go.

Or as someone says you can tell them you don't feel comfortable with tracking software on your phone as a matter of principle. So if they want that level they can supply a phone. And it will be up to you to contact your client base with new contact information.

james t kirk · Feb 21, 2017

oldjones said:
Look what opting for convenience and not separating business from personal did for Hillary's career prospects.

People used to cope with new phone numbers all the time, and still can. The businesses that now claim they 'must' piggyback on your phone plan used to buy and maintain bushels of cell phones their employees couldn't buy for themselves. They can still dig up that level of competence if the need arises, although the convenience of one phone for two purposes suits everyone. Until things change and it doesn't suit anymore.

If this is BulletBiting Day, you could offer your phone and number to the company and transfer ownership entirely, while you do a new deal for your private phone. Or you could try to get them to do the new deal, new phone thing while you keep the old. Either way, the same old methods to let our contacts know about new numbers are still available: Tell them when they call, inform them by other means, although we now have many more tools than receptionists and postcards (many of them automated) to get that job done. Wiping the contact info we didn't want to share was a whole lot easier in the olden days though, back when ashtrays were everywhere.

Good luck. Remember Hillary.

Having my own phone for business purposes makes sense to me. If they fire me (not that I'm figuring that they or more accurately, HE will), the phone number stays with me and my contacts can always get a hold of me. I have 0 intentions of signing over the phone number to my employer. I realize that I could simply put out an email to everyone and his brother that my number has changed, but that's labourious and frankly, when people get those kinds of messages, they often fall by the wayside. 3 years on, I still get mail sent to an old business address despite repeated messages to the offenders that my business address has changed.

james t kirk · Feb 21, 2017

Butler1000 said:
Time to get a hobby phone. That's the simplest solution. Cheap pay as you go.

Or as someone says you can tell them you don't feel comfortable with tracking software on your phone as a matter of principle. So if they want that level they can supply a phone. And it will be up to you to contact your client base with new contact information.

It's not about using the phone for the hobby. To be honest, I have not partaken in the hobby in 4 or 5 years other than 1 relaxing massage. Nope, this is simply about IT guy spying on me (and I'm sure he will if he can).

I think that if they persist, I will tell them to get me a new corporate phone AND I want them to continue paying for my personal phone. (This was part of my employment agreement.) That should go over like a led balloon.

mmouse · Feb 21, 2017

james t kirk said:
I have a screen lock and a password.

I don't like giving the IT guy we have any access to my phone. Not ever. It is also my personal phone and Christ only knows what he can or can't root around for and find. I have personal information in the form of contacts, emails, texts, photos as well as overall usage of the data. I simply don't see the need for him to have access to my phone. (He's definitely the hacker kind of IT guy shall we say.)

If I was to quit for any reason, since my work email is a corporate ID that he administers, he could flick a switch and I'm 100% out of the network. Of that I'm sure and I'm ok with that.

I did a little reading on line and there is conflicting information out there.

So I was figuring to simply set up a new personal gmail account, then add that new account to my phone. By doing so, then I could add the feature to the personal gmail account (which I don't need to use.) Then if the phone gets lost, me and only me could either trace the phone, or wipe it if I can see that it's gone genuinely missing.

As long as the device policy app is installed, they can wipe your phone. If you uninstall it you won't be able to use your company Gmail, drive and whatever Google cloud stuff you use at work.
But I assure you there is no way for them to see anything on your phone, contacts, browser history, nothing. I'm good friends with our IT guy and I've seen the admin tool he uses.

james t kirk · Feb 21, 2017

mmouse said:
As long as the device policy app is installed, they can wipe your phone. If you uninstall it you won't be able to use your company Gmail, drive and whatever Google cloud stuff you use at work.
But I assure you there is no way for them to see anything on your phone, contacts, browser history, nothing. I'm good friends with our IT guy and I've seen the admin tool he uses.

That's the other thing. I don't want them able to simply wipe MY phone. There's a lot more on there than just work stuff.

If they had to, they could deny me access to the network in a second. So there is no issue there and I have no issue with that.

mmouse · Feb 21, 2017

Yeah they have the ability to remove the company account from the phone, which is what they *should* do, but if your IT guy is an asshole or stupid, they could wipe it. You can check exactly what they can do in the app.

Promo · Feb 21, 2017

AS A WARNING TO ALL: Android phones with the last two OSs (at least) have location services turned-up by default including a history of locations you have visited. If your google Email account is setup on your phone, you can find your phone's location, lock it or wipe it by simply logging into your google account and using your Email's Device Manager feature. Note, you won't see "Device Manager" on your android phone itself although you can also load the app from the play store.

For non-G Suite users: As long as your google account password is secure and no-one has set up a second google account on your phone you should be okay. You can't simply turn location services off, unless you don't use google maps etc. on your phone. Note, if someone uses the service to locate your phone, a pop-up message will appear on your phone.

If you want to check out the status of your phone, here's the Device Manager URL or you can sign into google email your normal way and navigate to Device Manger: https://www.google.com/android/devicemanager#identifier
https://www.androidpit.com/android-device-manager

JTK's question:

Sounds like your company is using G Suite services and therefore you have an Admin who has use of the G Suite Admin console function. Here's what he/she can do:
https://support.google.com/a/answer/3035631?hl=en&ref_topic=3113051
Specifically: https://support.google.com/a/answer/1734200

The admin can do just about everything he wants to your phone including: Install and update applications, lock your phone, wipe your phone, change phone settings, check your call and texting history (i don't think they can see the actual texts), data useage, etc. but, I don't see any reference to location tracking of your phone and I looked pretty hard.

That said, since your Admin can download apps to your phone and control phone settings ... you said he was the hacker type .... he cold simply download a tracker program or set-up another google email account on your phone that he has access to.

james t kirk · Feb 21, 2017

^^^^ Thanks

I don't want him to have access to my phone period.

He can shut off my email, drive, contacts any time he likes or has to. That's enough as far as I'm concerned.

I just sent him an email telling him that it's my own personal phone and to take me off whatever list he's put me on that keeps badgering me to install this "Google Apps Device Policy"

Google is getting more and more sinister every day.

fuji · Feb 21, 2017

Samsung has Knox which allows you to securely separate your personal information from your work information. At least they won't be able to see what you are browsing. Location tracking you still need to solve.

Knox is like running a whole separate Android with its own apps, settings, etc.

So the company email and admin software is isolated inside Knox. Alternately isolate your personal browsing and banking inside Knox. Either way you can't even cut and paste between the main Android apps and the Knox apps, they are completely separate.

Promo · Feb 21, 2017

JFK, I'm in a similar position as you. Originally I had my own business which I sold a few years ago to a bigger company and I stayed on as the COO for the division. I had my own phone which all my employees and customers had the number for. The new company provided me an Android phone with a new number which they locked down via Exchange (not google) that has Vmail, email, estimating applications, instant messaging, etc.

I wanted to keep my old phone for a number of reasons including: I didn't want to give ownership of my phone number to the new company and didn't want to hassle everyone with a number change, I wanted to keep my business/personal contact list separate from the company visible contact list, I didn't want anyone to have access to any of my personal information, I HATE INSTANT MESSAGING and I wanted to control what extra apps were on my phone (lol - I have a few games).

So I've set-up the company phone to forward all calls to my personal phone, turned-off the companies Vmail (I use my phone's Vmail) and set-up my email to work directly from Exchange (you can do the same with Google), turned-on synchronization of calendar and turned-off synchronization of contacts list. I leave the company phone plugged-in and turned-on 7/24 in my home (not at the office, that way no-body can touch it). Even if the company phone dies, all calls, emails, etc. will still forward to my personal phone. I'm forced to keep the company phone around and pretend to use it as the IT and security groups will scream murder otherwise. I'm not compromising corporate security as the phone's email is still locked down via exchange.

My suggestion: If your IT guy is being a prick, or you think he might be doing things behind your back - tell him to give you a company phone. Configure it to forward everything to your personal phone. Your company phone will now act like a proxy which your IT guy can manage but your personal phone stays isolated. He can still touch your email related items, but not your texts, phone calls, location services, applications, etc. Just make sure to have a password on your phone with a short time-out period so if it does get stolen, it stays secure. You can personally use Android Device Manager (form your personal google email account) to track/lock/wipe the phone if needed.

Promo · Feb 21, 2017

fuji said:
Samsung has Knox which allows you to securely separate your personal information from your work information. At least they won't be able to see what you are browsing. Location tracking you still need to solve.

Knox is like running a whole separate Android with its own apps, settings, etc.

So the company email and admin software is isolated inside Knox. Alternately isolate your personal browsing and banking inside Knox. Either way you can't even cut and paste between the main Android apps and the Knox apps, they are completely separate.

Definitely worth having a look at!

I think that will be the new trend in PC operating systems in the desk few years --- running certain applications such as browsers and Email in locked-down virtual machines. That way if the app picks up a virus or worm, it's completely isolated from the OS, hard drive and other applications. The hard part is when you want to permanently download something. One way is to download to a sandbox where it is virus scanned and checked for abnormal activity (i.e. sending out-going TCP connections, trying to write to the kernel/registry) and once verified it's then written permanently to disk.
^-- Linux power users can already do this, but it doesn't natively exist in the Windows consumer OS world.

lomotil · Feb 21, 2017

james t kirk said:
Our IT dude just sent out a link to all employees telling us that we must install "Google Device Management App" on our mobile phones.

(We use the google cloud system for our network / email, etc.)

My question is, how insidious is this little seemingly harmless app? IT guy says that it just allows them to "better track the company's equipment". IT guy says it also allows them to delete the contents of the phone should it be lost.

Immediately the alarm bells went off. I don't like being tracked by anyone ever. (I realize that google is already like this, but this friendly app would seem to only make it worse.)

Some further info....

My phone is my own. It's in my name, I pay the bill, though the company does reimburse me for my cell phone bill. I have personal photos on there, personal texts, my own email, etc. If I surf TERB on it, I switch to firefox so as not leave a google history trail.

The cell phone is password protected. If you try to guess my access code and fail after 10 tries, it deletes the entire contents of the phone.

So is this little app just really spyware allowing my nosy little IT guy to snoop into my phone?

Keep any work related phones or apps away from any personal internet or hobbying activities especially where your employer is concerned. There are an infinite amount of bad pathways that we have no control over. Goggle is god and beyond all understanding.

Dougal Short · Feb 21, 2017

I went through this a couple of years ago with my employer. Same deal... my phone, with an allowance.

There was a fair bit of protest and one of the other staff people posted a link showing EXACTLY how that app could be used to track the phone's physical location. I just ignored the request and never heard any more about it. I think that it's a real intrusion into my personal time. I have left their employment since, but as far as I know, the company sent out a statement subsequently that basically said that as long as people had a passcode and the ability to lock/delete the contents remotely, that was ok.

I should add that I can't say for certain that it was this application, but something similar. Our company email was on a Google platform.

Google Administration Interface / Google Apps Device - can it track me?

Well-known member

Active member

Well-known member

License to Shill

Posts: 10,000000

CanBarelyRe Member

Well-known member

Well-known member

Well-known member

Well-known member

Posts: 10,000000

Well-known member

Posts: 10,000000

Active member

Well-known member

Banned

Active member

Active member

Well-known member

Exposed Member