[NSAID]

> When you add a work email address to your phone, you’ll likely be asked to install something called a Mobile Device Management (MDM) profile. Chances are, you’ll blindly accept it. (What other choice do you have?)

I use the Nine mail/calendar app[1] to keep all that contained. It integrates nicely with the native Android apps but keeps all of the security and control options within Nine itself. It looks like they are also beta testing an iOS app but I have no experience with that version of it.

For example, if the mail account security settings require a screen lock code, Nine will require a code to access the app but this won't affect the actual phone's unlock screen.

Similarly if a data wipe request is sent from the server it will only affect Nine.

[1] https://www.9folders.com/product/

[fencepost]

You beat me to it. Nine also allows easy connection to multiple Exchange accounts, has a variety of other nice features and has been around long enough to have a very solid track record.

This kind of sandboxing is one of the things third party apps like this have always been known for, going all the way back to a really old one whose name in blanking on which I believe maintained its own entirely internal calendar, files, etc. (Dataviz maybe?)

Edit: this may still be useful for some people, but the work profiles introduced in Android 5+ may make it less relevant at least for anyone at enterprise scale or otherwise using MDM through a service provider.

[tyingq]

Looks cool, but requires ActiveSync to be on. I think a lot of stodgy companies are locking that down and requiring the native Outlook app and its (as mentioned) stealthly MDM stuff.

[acidburnNSA]

Do you know if the Android org is cool with this? Like, is there an active arms race to prevent this kind of behavior, or is it condoned?