Work Phones Make Comeback as More Employers Ban WhatsApp, TikTok

There may be a new ringtone in your life -- the urgent chime of a company-issued cell phone. From a report: In a throwback to the Blackberry era, telecom-service providers are seeing strong growth from companies handing out phones to employees. The phenomenon, which started during the pandemic, picked up recently thanks to new compliance policies around the use of WhatsApp and TikTok. It's provided a "tailwind" for subscriber gains at AT&T, Chief Financial Officer Pascal Desroches said at a conference this week. At the same event, T-Mobile US Inc. Chief Financial Officer Peter Osvaldik said his company's corporate customer count "grew every quarter in 2022."

The phones are more than just a corporate perk, said Gartner analyst Lisa Pierce. "It's also about control" -- a means of restricting or blocking applications and keeping corporate data secure, she said. Businesses, especially those in finance, have grown concerned about the security of their data, and the Securities and Exchange Commission and the Commodity Futures Trading Commission have stepped up their scrutiny over unauthorized private communication on applications such as WhatsApp and through personal email. Late last year, Congress, along with several states, banned China-owned TikTok from government employees' devices over national security concerns. This puts organizations in the position of either requiring their workers to remove apps from personal phones, or offering a secure second device. That second device helps explain how wireless carriers keep racking up millions of new subscribers long after the time when the mobile market passed saturation, with nearly every adult in the US owning at least one phone.

Good!

[garett_spencley]

It seems like every single employer of mine has expected and assumed the use of personal devices for work-related purposes. And then each says it is against company policy to issue work phones.

When I worked for a consulting agency I was asked to install Microsoft Authenticator and Outlook on my device to access the client systems. I regret complying as I couldn't uninstall it after I left the project. My current employer expects us to use Okta Verify for SSO and I told them I couldn't use my personal device because it is not compatible (which is most true - I've since switched to GrapheneOS and only install FOSS apps, I don't have Google Play Store) and fortunately I got them to issue me an iPad, but only because we could claim that it was useful for development purposes as well.

Companies should provide all equipment necessary to perform work related functions.

I doubt I will ever achieve a completely phone-free life, because I do use the thing to keep in close contact with immediate family, but as far as my employers go I should be comfortable saying "Believe it or not, I don't own a smart phone and I don't remember reading that I was required to have one and use it for work purposes in the job description."

Re:

[fermion]

Hopefully it was not a tech consulting agency as any app can be uninstalled. Or -home restored from backup

For most companies, I donâ(TM)t see why they are worried about security of WhatsApp and Tik Tok on personal devices. As long as they are clearly banned for work related communication and PR.

In my last job, middle management used platforms such as slack and personal texts to avoid creating a paper trail for certain communications. This obviously was bad. Establishing a protocol is much better th

Re:

[garett_spencley]

Hopefully it was not a tech consulting agency as any app can be uninstalled. Or -home restored from backup

Tech != mobile phones. Like it or not, the "tech industry" has grown so large that we are starting to see extremely high degrees of specialization. It is possible to work in tech, to be an expert in various technical fields and areas, and yet know next to nothing about mobile phones.

You do not need to have ever even touched a smart phone to be an accomplished software engineer unless your area of focus happens to involve smart phones in some way. Phones and their users & applications, despite becoming v

Re:

[sound+vision]

What people think "tech" looks like: The latest, most expensive gadgets, asking an Echo Dot to turn the lights on, Bitcoin, Musk, Gates.

What tech really looks like: A neckbeard programming assembly for industrial systems, and getting Doom to run on a toaster.

Re:Good!

[Type44Q]

You're overthinking things. Get a beater phone strictly for work apps; odds are you won't even need service and can just use it on WiFi.

Re:

[Waccoon]

Fuck that. I expect my employer to provide me with the tools to do my job. I'm not buying two phones when I don't even want one at all!

Re:

[thegarbz]

When I worked for a consulting agency I was asked to install Microsoft Authenticator and Outlook on my device to access the client systems. I regret complying as I couldn't uninstall it after I left the project.

Neither app is in any way locked to a device. If you can't uninstall them you're doing something very wrong. The former is little more than a 2FA app, the latter just another shitty Office app. Neither are controlled remotely. For that you need some form of MDM application installed. I bet you you have one and forgot about it.

Re:Good!

[Opportunist]

There is exactly one person in our company who has my phone number. And he knows that if he ever abuses it or hands it to someone else, I get a new phone number and he doesn't get it.

If you want to reach me from work, hand me a phone. Expect it to be online and ready to be reached during office hours. Expect it to be turned off outside of office hours. If it's an emergency, call, but also be aware that the moment the phone starts ringing, my overtime work hours start. And according to my contract, I get overtime at a 2:1 rate, so you better be sure that it's worth the price to ring me up at night.

Re: Good!

[tatroc]

My work doesnâ(TM)t provide a phone or reimbursements yet they reach me on it.

Re:

[GargamelSpaceman]

A Cellphone is an Orwellian tracking device with a microphone and video camera combined with GPS and internet. A corporate issued phone means they basically have a vibrating buttplug up your ass at all times.

Re:

[c-A-d]

Use a faraday box/bag. "I don't understand how I lose service when I get home".

Re:

[geek]

Companies should provide all equipment necessary to perform work related functions.

Very entitled. Go work construction or as a mechanic or even a welder. 99 times out a 100 they have to buy their own tools. This mentality in tech that the company should coddle to your every whim on equipment is isolated to tech and doesn't exist outside of it. They do it though and then everyone bitches about the equipment, destroys it and complains that the company doesn't do better.

Well how about we move to zerotrust and just use whatever device we want? I already do this at work. I use my personal devi

Re:

[nzkbuk]

Companies should provide all equipment necessary to perform work related functions.

Very entitled. Go work construction or as a mechanic or even a welder. 99 times out a 100 they have to buy their own tools. This mentality in tech that the company should coddle to your every whim on equipment is isolated to tech and doesn't exist outside of it.

That's because in the tech industry they aren't saying "You need a hammer" they are saying "You need exactly this quite expensive hammer that will only work on our building site and if you go elsewhere we can destroy that hammer."
The second an employer starts dictating what can or cannot go on a device, or if they want to monitor traffic to and from that device then I no longer have complete control / ownership of it.

A better analogy would be a uniform. If I need dress in business casual, or in a two piece

Re:

[hjf]

You usually don't need to install a shitty Fortinet VPN client, an "asset tracker" or a company-managed antivirus on your welder though.

Re:

[Okind]

Companies should provide all equipment necessary to perform work related functions.

Very entitled. [...]

Not at all, at least in the Netherlands (but also elsewhere in Europe). Here, employers are required to provide everything needed to do the work. By law, regardless of sector.

For employers, providing the equipment also makes sense: if it's your equipment, you get to set the rules. But if the phone belongs to your employee, (s)he can set the rules for that phone. And not all employees are in the unfortunate position that you can bully them into submission by threat of firing.

Re:

[Striek]

Very entitled. Go work construction or as a mechanic or even a welder. 99 times out a 100 they have to buy their own tools. This mentality in tech that the company should coddle to your every whim on equipment is isolated to tech and doesn't exist outside of it.

I was a mechanic for a while. You want to know the difference?

I left my tools at the shop, in a locked toolbox.

I didn't need to replace my tools every three years.

Those tools do not also have access to my bank account.

And I received a yearly stipend for tools, too.

Your argument is nowhere near as relevant as you think it is.

Re:

[devslash0]

Exactly this. Never, ever install anything work related on your personal devices. Most of the corporate software comes with MDM which very often gives your company administrative rights on your personal device, including, but not limited to, erasing it completely at the end of your employment.

Re: Good!

[MysteriousPreacher]

Yep, and agreements made to install the software tend to grant the employer rights to access the phone and its contents. I'm sure we all have things in our personal lives that could cause problems with corporate.

  Don't mix personal with business. If you need a phone, and the company won't provide one, then either get a new job or buy a cheap phone to use solely for work.

Re:

[devslash0]

Unfortunately, buying a cheap phone won't work if you don't put it on a mobile contract. Modern authenticators have the tendency to require a fully functioning mobile number to be attached to the phone before they allow you to proceed with the setup.

Re: Good!

[MysteriousPreacher]

I'd rather do that than use my personal phone. Although I've nothing illegal on my phone, I'd certainly have opinions that'd cause issues should a corporate commissar get to go through it.

Re:

[Murdoch5]

Good! I refuse to install any work applications on my person phone, which includes having my email accessible on the phone. Our office policy (which I wrote), says you have to fully isolate your work environment from a person environment, which can include using VM's, something like Qubes OS (my preferred method), Containers, etc

If my employer or boss wants me to be “always connected” then multiple things will happen:

1. You'll pay me to be “always connected”, which is not my s

Re:

[serviscope_minor]

Microsoft authenticator and okta verify are just TOTP implementations. You can use any implementation in place of them. Requiring F/OSS only won't save you from this one.

https://f-droid.org/en/package... [f-droid.org]

Your phone is compatible.

People are going to be People.

[jellomizer]

Ok the big boss man dedicates 18 hours every day to the company. However as the boss, he makes the rules and has the power, authority as well if the company succeeds he will be getting more money than the other employees.

The employees, have to follow the rules, have limited power and authority, and the money they make are not proportional to the profits the company brings in. People are naturally going to adjust behaviors to compensate these issues. So if rules that BYO devices cannot use software they enjoy, they will not be using such device for work. So the company is going to have to provide them with a work device.

That being said, I am kinda surprised that phone makers haven't yet offered features for their devices to sandbox your work settings with your personal ones.

Re:

[eth1]

That being said, I am kinda surprised that phone makers haven't yet offered features for their devices to sandbox your work settings with your personal ones.

They do. Not the phone makers, but third party software. I don't care, though - I'm not allowing the installation of anything that can wipe stuff off of my device on a personal phone.

Re:

[jellomizer]

Well with the correct sandbox environment. Work should only be able to delete your work stuff on your device.

Re:

[pete6677]

My Samsung phone is nearly 4 years old and it has a Work compartment. The company can control and delete apps from that compartment, but not anything else from the main section of the phone. Assuming iPhones have something similar by now?

Re:

[ctilsie242]

This is one of my biggest gripes about iOS/iPadOS. There is no "work" compartment. At best, a policy might be limited to Outlook and the work related mail stuff, but it might just be able to not just erase, but move the entire phone permanently to the employeer's MDM system, where it would be forever locked to them and the owner would have to buy a new device.

Apple desperately needs a compartment for "work", and maybe even other stuff like projects. Each compartment could be assigned to its own SIM or eS

Re:

[thegarbz]

That being said, I am kinda surprised that phone makers haven't yet offered features for their devices to sandbox your work settings with your personal ones.

They literally have for over half a decade now. In fact that was one of the areas Apple was playing catchup in for a while in a panic as companies were blacklisting iDevices in favour of Android since most Android devices offer exactly that feature.

These sandboxes are incredibly controllable, including the limiting of what I can and can't install, what data each app from each sandbox can access across the other one, and even what security requirements exist for traversing between sandbox profiles.

Re:

[nzkbuk]

Some versions of android have "second space" or similar which is effectively a second sandboxed account on the phone which can get it's own apps.

Re:

[MooseTick]

Blackberry had a phone that had 2 modes so you could have a "work" side and a "personal" side. It wasn't that popular though.

Re:

[Waccoon]

I am kinda surprised that phone makers haven't yet offered features for their devices to sandbox your work settings with your personal ones.

I'm not. Stuff like that makes it easier for you to poison the well, and that makes collecting your data more difficult.

Everything we do today with regards to security is completely wrong. That's not an accident.

I recently did this on my own

[Luke has no name]

Not for TikTok or any other particular app. I dabbled with both iPhone and Samsung do-not-disturb and focus modes to separate work from personal.

My current role is very much 9-to-5 and it is much easier on the mind and for configuration to just buy another phone and a cheap Tello plan - $11/month. I can now toss my personal phone into the drawer or leave it in the car, and focus on work more easily. After work, I leave the work phone in the drawer. Mind blowing, I know!

Re:

[jbmartin6]

Me too. sub-$200 android phones are good enough for most work purposes. And I don't have a SIM card at all, since the vast majority of the time I have wifi available. If I really had to, I could use my personal phone as a hotspot. Obviously, we use apps for any voice calling rather than the actual 'phone'

Re: I recently did this on my own

[Luke has no name]

I splurged and got a pixel 6a. I figured it will eventually be a fun lab phone for grapheneos or something, and I wanted to try out a pixel vs. other brands I've had.

As for data you are correct. I considered going wifi only and I probably could. For the experience of not relying on my personal phone though, and for the price, I got a number anyway. (My use case requires a phone number).

I used tello, put in cc info, and grabbed a number from an arbitrary area code near a major metro area. The eSIM experience

KVM phone

[bill_mcgonigle]

Seems like somebody could create a phone with a 'work slot' that would take an SoC configured by IT and with a physical switch select the I/O devices for that board. The modem is already a serial device and could be multiplexed with a proper packet switch.

Somebody will say, "just use a hypervisor," and then three months later somebody will rowhammer it or whatever and break the isolation.

Re:

[ctilsie242]

It is a cat and mouse game. AMD and newer gen CPUs have RAM encryption so a rowhammer attack might cause a crash, but it wouldn't allow a process to do much with another process's space.

In this case, the perfect is the enemy of the good. On the Apple ecosystem, we -need- something along these lines. Doesn't matter if it is a hypervisor, doesn't matter if it is compartments, but some solid, auditable line of demarcation that separates home from work that will make the compliance guys happy, and allow leg

Samsung Knox

[xwin]

This is available for a while - https://www.samsungknox.com/en... [samsungknox.com]. Most of Samsung phones come with it, at least mid-range and high-end ones. It works very well and user can turn off work profile and shutdown all the work apps. All the data is segregated and you can even have a separate login into the work profile. You IT can control it as they wish.
It is a standard feature on Android https://support.google.com/wor... [google.com] , but Samsung was quite early with their implementation.

What about work profiles?

[orzetto]

My employer (in Europe) provides company phones for private use (nice perk), but also requires us to use a work profile [android.com] (at least on Android) for work apps.

It is a bit clunky (e.g. I cannot copy and paste data between apps in separate profiles, but that's the point) but it works fine for us. Is there an inherent weakness to this approach that makes US employers rather give out an extra phone?

About time!

[Aristos Mazer]

Never allow corporate crap on your personal device. If they want you on call, answering emails, and right to remote wipe, they need to provide you with a device for all of that. This should be standard practice.

Re:

[thegarbz]

The idea that your personal and work devices are intermingled is outdated. Modern systems exist to keep independent profiles on your devices including the ability to just wipe one part of the device. Systems like Knox prevent work and personal profiles from interacting beyond the limits set by a company.

But in any case few users "allow corporate crap on personal devices". The overwhelming majority "allow personal crap on corporate devices". Why would I pay extra for a phone when I already am provided one.

Re:

[xwin]

Not only paying extra but I dont want to be a slave to an extra phone. You need to charge it, carry it around, protect it from drops, etc. My company issues limited selection of phones and they are quite large. I don't want to carry two phones.
I have been pretty happy with Knox, at least as happy as it is possible in the situation.

Re:

[Aristos Mazer]

> The idea that your personal and work devices are intermingled is outdated.
 
Only outdated if companies use those options. I interact with many that do not and instead require access to the whole device. And even if they do, until there are two separate hardware ringer switches and power buttons on the phone, it's not separated enough for me... I really do want the ability to leave work behind. Otherwise, they do apply [intense] pressure to answer in off hours.

Re:

[Opportunist]

That's what I love about our CISO. CEO suggested BYOD and his only reply was "you sign off that you personally carry the risk for a security breach and you can have it".

We never heard anything about it again. Ever.

TikTok, sure, but Whatsapp?

[spaceman375]

I haven't heard of anyone banning Whatsapp. It's used all over by people with international connections. SMS is only reliable for local communications. So why does this author seemingly go out of his way to deride Whatsapp? I don't facebook, but Meta isn't a Chinese company, nor even beholden to an adversarial country. I suspect "It's encrypted - must be bad!" is the mentality of those who would ban it.

Re:

[thegarbz]

Except many companies do have policy against WhatsApp use. My own tried to ban WhatsApp and succeeded... except in Brazil, Netherlands, and a few other places of the world where WhatsApp is a core communications requirement.

Re:

[Opportunist]

No WhatsApp, Facebook, TikTok, Twitter, Instagram... you name it, it's banned from our phone. We're big enough that even the "pre-installed" crapware that you usually find on the phones of the provider we use magically disappeared.

Re:TikTok, sure, but Whatsapp?

[budgenator]

Some industries have very rigorous communications retention requirements which encrypted messages would complicate.

UK government now regrets its use of WhatsApp

[Bruce66423]

A large trove of messages has been leaked to the press from the Covid lockdown period and the government is looking very foolish.

https://www.telegraph.co.uk/ [telegraph.co.uk]

Re:

[Opportunist]

Politicians using technology without having a lick of an idea what they're doing. What else is new?

Want to be scared? The same people make laws about this whole shit that affect you. And if you say "Nooo, I'm not a Brit"... you think your politicians are any better? They also know fuck all about the stuff they fabricate laws on.

Re:

[pjt33]

Actually the issue there was politician trusting a ghostwriter who had already proved herself untrustworthy.

Re:

[Opportunist]

Again: What else is new?

Good to know

[nospam007]

"The phones are more than just a corporate perk, said Gartner analyst Lisa Pierce. "It's also about control" -- a means of restricting or blocking applications and keeping corporate data secure,"

Be sure to lock that phone securely in your desk before going home after work.

Unless you are a consultantâ¦

[Ronin Developer]

Your employer is responsible for providing all equipment needed to perform your work. So many weasel out of this with BYOD policies.

If they wish to restrict what you can do on a device, they must provide the deviceâ¦.unless you want to be an idiot and waive your ownership rights over your own device.

And, if they (or, you) canâ(TM)t remove the sandbox protections and remove any work related materials, can they demand you turn in your personal device when you leave? It becomes a thin and very

That's fine and well

[Opportunist]

Your phone, your rules. My phone, my rules.

I have a work phone, and it's locked down to the barebone "must have" stuff. We had to sign that we must not install anything on it (with "disciplinary action", read, termination, being on the table if you do and they find out) that isn't first signed off in writing by security. Fine by me, we're a high sec field and our phones have access to pretty sensitive information, it's a given that it's nothing you may use to toy around with. Quite understandable that insta

Bring back alphanumeric pagers

[CyberSnyder]

I realize they're really not completely gone, and still in use for some niche use cases. Send me an access PIN for login via text, ping me for alerts if I'm on call and then I just won't carry the pager when I'm not on call.

I have one

[registrations_suck]

I have one. Came with the job in 2013. Never really needed it until I started working remotely in 2016 or so.

I still don't use it. I just put the SIM card in my own phone.

WHY were personal devices allowed?

[jonadab]

As the IT guy, I really don't want devices on the staff network that have who knows what software on them, installed by people who don't understand the security implications. It's one thing if they want to use a personal phone to look stuff up on Google or Wikipedia or whatever: that doesn't harm the network. But if we're talking about connecting to the internal network and running work-related apps, that's another matter entirely.

BYOD

[sinij]

It is suppose to be Bring Your Own Device, not Buy Your Boss Device. You pay for it, you get to decide how you are going to use it. While I am not on WhatApp or TikTok, if someone wants to be they should be allowed to make that mistake. If not, it will quickly escalate into censorship, where your employer gets to dictate what news you are allowed to hear and so on.

TikTok, but not angry employees, is a concern?

[Sprecken]

It took a security concern about social media to force companies to not make employees use their own devices for company use. The irony is epic.

decent work phone setup

[aRTeeNLCH]

My employer changed from DECT handsets and fixed phones (of course higher level management got and get the perks of a nice phone, with contact and the expectation to be reachable) to Teams and Outlook on work phones, rugged Android devices. Whoever wants to use their own phone is free to, to avoid having to carry one more device. Anyway, those Android phones are properly locked down, they will only function on the corporate WiFi network. No worries about dealing with work stuff outside of office hours. And

Working for a Public Agency....

[eepok]

I work in a large public university. If the campus/your department wants to get a hold of you whenever they want, they know they have to buy you a phone and pay the bill.

1. They want to require updates
2. They want to forbid certain apps
3. If there's a FOIA, they don't want to be able to scan the whole phone

Given the all legal/liability wisdom and experience behind what many might label as "bureaucracy", if I were to run my own business, I'd do it the same way: No work is to be done on personal devices. If y

*72

[madsh]

That is when reading the GSM spec pays off. Just forward calls from your work phone to your home phone and leave that piece of work on the desk where it belongs. Your mileage may vary!

Funny how TikTok is starting to force changes ...

[Murdoch5]

For years and decades, security minded people have made a point of mentioning that almost everything we do, from email, electronic meetings, writing documents, even authoring code is insecure. Management and most of our co-workers, refused to listen, and even rolled their eyes at us. Then an application like TikTok comes along, and all of a sudden we need a hard bifurcation of work and personal life?

Sure, TikTok is a large security sticking point, but so is email, documents, code, even the OS your devices is running, and no one cares about those large flashing arrows!

How many people do you know who actively sign and encrypt their email with PGP?
How many people do you know who actively sign their documents with PGP ?
How many people have asked why Windows 10 and 11 have a keylogger running?
How many people even look at who emailed them and verify the sender?
How many developers verify their GIT tags are signed or commits are signed?
How many people preform application level signature verifications?

TikTok represents a massive security problem, but so does office life and peoples habits in general. Buying your employees work devices because of TikTok or WhatsApp doesn't show you care, it shows you're blind. If you cared, you start introducing PGP polices, or verification polices, or software stack policies, and start preaching a secure lifestyle. All these policies around software X or Y are just hand waving by people who are using their feet because they don't understand the question, the answer, or the concern.

About time!

[lpq]

I get tired of work calls coming in on my personal phone. If the phone rings -- is it work, robocall, friends or family? If my home phone is temporarily missing and work wants to reach me, how do I tell them they can't? If I have separate email, suppose that's down too (don't laugh, not uncommon with my home phone+network setup that ATT won't setup to work because I have linux + Win7 network devices, neither of which is supported by ATT. Well, at least w/an office phone I can have a backup.

Computer is s