Can you support your claims? I’ve worked with Intune, Jamf, MaaS360, Citrix, and Workspace ONE and none of them could read texts, emails or browser history.
I’d be very interested to learn more about how they can access this information through MDM. We always did it through either the mobile carrier or the admin console for whatever the office/mail suite that was deployed.
SMS reading:
https://support.sophos.com/support/s/article/KB-000034436?language=en_US
Call log reading:
app lists:
https://help.ivanti.com/mi/help/en_us/cld/admin/ivanti/91/all/en-us/App_Inventory.htm
I looked through your links. I don’t see anywhere that SMS can be read. The permission kind of makes sense as there is a security component to filter spam/phishing type texts. Sophos themselves claim they don’t store any of that data.
I hadn’t ever seen the call log one and I’m not sure what that would even be used for. It was interesting though.
App lists is common across all MDMs. It’s used to ensure apps are being updated and on fully owned corporate devices some apps will be blocked.
It seems like many don’t really understand how this technology works. That said, it’s better to be overly careful and I agree with others in the comments. If you want me to use a mobile device for work you can provide it, I don’t put MDM on my personal device*.
*the exception being our own MDM we have setup to manage our personal devices more easily.
I looked through your links. I don’t see anywhere that SMS can be read.
From the link, emphasis mine. SMC is the MDM in question
Read SMS or MMS
Allows an application to read SMS messages stored on your device or SIM card.
Malicious applications may read your confidential messages.
SMC usage:
- Read the initial configuration and further server notifications.
2. Read all SMS for Backup.
