by orand 4217 days ago
The best feature about Acompli is that when your corporate IT goon tries to remote wipe your device from the Exchange server, they can only wipe your email, not your entire device. Most people don't realize that by using the default iOS and Android mail clients to connect to an Exchange server, they're implicitly giving it the ability to remotely wipe their entire mobile device.
7 comments

I wish this were more publicized. I was setting up my wife's Exchange-based work email with the default mail app in Android and was prompted with some really crazy permissions that were to the basic effect you mention. She decided that she didn't want her corporate office to have that much power over her own personal device just for the added convenience of being able to check work email on it. I'm going to mention this app to her and give it a try instead.

Yep. Probably an MDM application like MobileIron or Airwatch.

Your wife made a decision most people miss because they are so used to skipping to yes. And wouldn't it suck if your IT department wiped your entire personal device including those vacation pictures of your recently deceased grandma. This happens way more often than you know.

This total control decision is why a container approach (give power to wipe what is the container only) to enabling corporate data is one I favor.

You're as likely if not more so to lose those vacation pictures when your phone falls into the toilet and shorts out. If it's important, back it up.

There are plenty of other apps available already - TouchDown [0] and Nine [1] are the two I've heard the most positive reviews about (I don't know anyone who uses Acompli).

[0]: http://www.techrepublic.com/blog/smartphones/review-touchdow...

[1]: http://www.androidpolice.com/2014/02/12/hands-on-nine-is-a-c...

If your company has a BYOD policy, it should include the FYI that IT might wipe your device if you quit or get fired.

That's the bad news. The good news is this feature of Exchange also gives you the ability to remote wipe your personal device from Outlook Web Access (i.e. Exchange webmail) if it gets lost or stolen.

That's why I use DavMail¹ -> OWA to access my corporate mail over IMAP instead of Exchange directly.

¹http://davmail.sourceforge.net/

Just to be a bit more clear-- the difference here is with device provisioning using Mobile Device Management (MDM) services, not necessarily the default OS apps.

The user enrollment process doesn't necessarily require giving permissions beyond mail/contacts/calendar access. But many organizations take advantage of the opportunity to use pre-baked profiles which restrict behaviors, auto-configure VPN with client certs, activate features like remote wipe, etc.

We dealt with a lot of this when building the ActiveSync module for the Inbox[1] sync engine, which works with all Exchange servers and offers a modern REST API. (i.e., like Twilio/Stripe for email)

https://www.inboxapp.com/

[1] Google stole our name last month. :(

> Most people don't realize that by using the default iOS and Android mail clients to connect to an Exchange server, they're implicitly giving it the ability to remotely wipe their entire mobile device.

Is there a way to disable this, e.g. using Apple Configurator or otherwise?

Does it support notifications for emails which go into a folder? I have seen only 9folders supporting it till date.

And that's the reason I still fight every day with the non-mobile OWA interface...

I just favor IMAP...

No way! You serious? Source?

Any Exchange admin can confirm that. It is interesting the array of devices people add to their 'work' email.

How is that legal?

How is it illegal to give someone permission to remote wipe your device?

There is no question of legality; you are granting the user that access/ability by connecting to Exchange.

> you are granting the user that access/ability by connecting to Exchange

Does iOS present a warning to this effect when you add an Exchange account? If not, they should. I have an Exchange account set up from my university and don't recall ever seeing anything.

Also, didn't Gmail used to have Exchange support? If this is true, does that mean Google had the ability to remotely wipe any iOS device that was using Gmail through Exchange?

It's an Exchange server thing and probably part of the sync protocol used.

You'll see a warning when you set up mail for the first time. I think if the server has this policy you are forced to add a PIN lock to your device.

If you don't remember seeing anything, then AFAIK your device cannot be wiped.