Mobile device management software is a privacy nightmare

Mobile device management (MDM) sofware can easily be configured to allow employers to spy on their employees, a new report by Bitglass suggests.

Its researchers conducted an experiment they called 'MDMayhem'. A few employees volunteered to have their personal devices tracked through MDM software, just to see to which extent this tracking can go.

As it turns out, spies could see pretty much everything – social networking accounts, banking information, communications, usernames and passwords, app downloads, browsing history, you name it.

Even on Apple's iOS, believed to offer app sandboxing, limiting such snooping, failed. Researchers intercepted communications going through popular messaging apps such as Gmail and Messenger.

But perhaps the scariest thing of it all is that researchers managed to turn on GPS, without notifying the device's user. Location data revealed the user's habits, such as where they went after work, where they travelled on weekends, how often they visited local supermarkets, etc.

“The invasion of privacy by MDM is a key reason that there are two billion mobile devices on the planet, but only a few million devices managed by MDM,” said Nat Kausik, CEO at Bitglass.

“IT leaders looking to enable BYOD must focus on a data-centric, agentless approach that respects user privacy.”

More than two thirds (67 per cent) of employees would bring their devices to work, if they knew their employers could not track them, the latest report on BYOD by Bitglass has shown.

“Without a security solution that respects user privacy, employees will simply work around IT,” Bitglass concluded.