- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
You must log in or register to comment.
I hate misleading nothingburger headlines like this.
Google is rolling out Android RCS Archival on Pixel (and other Android) phones, allowing employers to intercept and archive RCS chats on work-managed devices
What’s surprising to me is that a work-managed-device couldn’t already do this!
the headline seems to be implying that Google will let your boss hack into your personal phone!
Work managed device can sometimes be “install the work app on your personal phone because we are cheap, also enable all the permissions or you can’t use the work app we assigned you to use”
no fucking way i would work somewhere like that… if you just give away your freedoms do you really deserve them?
if i was desperate id buy a separate burner phone for work then.Same, I have some laying around if they decide to go all weird with the MS authenticator.
If it’s a work device it contains no privacy
In all cases involving work devices, the default assumption should be that the company can see anything you’re doing on it at any time.
This is why I carry two phones.
Years ago, almost two decades, I setup a Screensaver which basically took any image passed over the network and made a collage. Almost everything was like website banners and such.
One day I was in the server room doing something un-related and in the corner of my eye I saw some horrible images on the other screen. I immediately went to the cto who called the police.
Long story short he was immediately fired(and taken into custody) after being found in the bathroom… The images were kids between 3-7…
Before people ask, we could find out which access point he was using to determine approximate area. A quick walk around showed it wasn’t someone at there desk. Obviously they wouldn’t be in a meeting and there was only 1 set of bathrooms in that area. Female officer went into women’s room and reported it empty. Male officer went into men’s room and found 1 person, court case revealed history on his phone and yeah… Hopefully he’s still rotting in jail.
Well that’s horrifying.
Glad you guys caught the bastard.
What I don’t get is why do it at work? Like ok, sure you may not be able to control what you enjoy but it was a credit union… “oh yeah this annual financial report got me so horny I got to go commit a federal crime in the bathroom”… Wtf???
Some people can’t control themselves. Personally, I think having CSAM on a work device is a pretty good indicator of that.
With the same consequence, you should also assume location, audio and video to be not be private when carrying these devices
This is why I leave my work phone at work.
I only have a personal phone, but I even refuse to connect it to work’s wifi. I don’t trust them hoes.
I run a VPN on my personal phone while at work.
Just make sure any sites you goto are https and you should be fine.
If you don’t want them knowing what sites you go to, you could put a VPN client on your phone.
Otherwise if you have lots of data then that’s all moot.
I have a vpn, can’t promise they’re all https, and unlimited data so it’s cool, I just don’t trust them lol.
The default assumption everyone had was E2EE message data like RCS would be private.
Even apple does not share imessage data unless the Apple ID belongs to the employer.
Why would google do such stupidity is beyond me. But, yes on android assume everything is tracked 24/7. Trust your personal phone only.
The default assumption everyone had was E2EE message data like RCS would be private.
It is. It can’t be snooped on by third parties. The person that owns and controls your device is not a third party. In this case, that is your employer.
An E2E Encrypted message should not be readable by anyone but the recipient and the sender.
If it can be read and shared without your explicit consent and approval with anyone even your employer. It’s no better than regular TLS encryption.
End to End Encryption protects the messages *between the ends". If an “end” is compromised the best E2EE technology isn’t going to protect confidentiality.
Just ask Pete Hegseth, who invited a journalist into an E2EE signal chat. The journalist was an authorized “end” and could therefore read the conversation.
This change is about employers who already have full access to the “end” of the Android phone itself when that phone is in an enterprise managed state. Perfect encryption between that phone and other parties doesn’t change anything because the employer has full access to the phone itself.
On a company device the owner (the company) is the end, and you’re just given the task of operating it.
It varies between jurisdictions, but in general, you better believe they have every right to investigate any suspicions regarding how company assets (work devices) are used and whether their agents may appear unprofessional when using official company communication channels (literally your work phone number, which is used in RCS messages).
In plenty of places there’s still privacy rights for employees, but their main purpose is generally preventing overbearing surveillance and protecting your personal data contents in personal communication channels (like if you’re using personal webmail on a work device).
No end to end the device is the end that is where the encryption ends.
The sending and receiving ends are the devices, not the humans. If you don’t want the device to see it, you’ll need to do the encryption and decryption in your head.
Not sure if you are intentionally being obtuse. But, this is not a hard problem. It has already been solved.
We have Signal, OMEMO in XMPP which already do that. You don’t need to do any encryption in your head…
And how do those apps prevent device management from accessing the messages when they’re decrypted?
By not storing decrypted message on device? You can also block screenshots if you have a reasonable suspicious your screen can be used to capture the text shown on the device.
Exact same problem it is unencrypted on the device. You know you have to be able to read the message.
It is stored encrypted last I checked the signal website…
Only really a concern for those who mix work and personal on the same device. If the boss insists on having management software they can pay for the device, it’s not touching my personal one.
The one time I had a job with a company phone, they already could see everything I was doing on the phone. They could even remotely control it if they wanted to. And if I wanted to use mine, I had to give the same permissions just to log into Salesforce or even have my company Outlook email go to my main inbox.
I just kept their shit off my phone, and didn’t do anything personal on the company phone.
Good thing the first thing I do when I get a phone is disable RCS
The first thing you should be doing is unlocking the bootloader and installing an alternative OS
This isn’t really even about RCS, but okay.
“New Pixel update means your RCS messages might be visible to your boss”
Read beyond the headline. This is about Pixel MDM including more data, not about RCS actually having any significant update.
