8 Replies Latest reply on Mar 10, 2012 4:48 AM by mat.kordell

    EMM and Jailbroken Devices

      Can somebody please share with me any limitations or reasons for disallowing a jailbroken device from joining the corporate network?

       

      I was told that EMM can lose the ability to perform a remote-wipe and just wanted to confirm this.  I understand that jailbreaking limits a potential layer of security from apps through the app store, but I wanted to get a beter understanding of any security risks.

       

      Thanks,

        • 1. Re: EMM and Jailbroken Devices
          mrt

          If you allow to jailbreak or root your device you are exposed for much more malware applications hence you are able to install applications outside appstore and market.

           

          Even if market includes vulnerabl applications any way you are even more exposed if you install expensive applications for free outside markes hence the aim for malware writers is to include evil code into expensive applications from market for free outside of the market.

           

          If EMM lose functionallity if you allow jailbroken devices into your network, I do not know.

          I would not let them into our corp. network

           

          Hope my answer replies to your question. 

          • 2. Re: EMM and Jailbroken Devices

            Thank you for the response.  I certainly understand your point of view and I expect that many at my company would agree.

             

            I differ however in that jailbreaking a device does not necessarily mean that the user will use it for vulnerable applications.  There are legitimate reasons for jailbreaking.

             

            It's incredibly easy to install vulnerable applications on laptops and desktops, however these are still permitted to connect to a corporate network.  We try to mitigate this through education and policy, but there will always be exceptions.

             

            My question is specifically if EMM loses functionality simply through the jailbreaking process.

             

            Thanks again,

             

            Message was edited by: malangon on 1/12/12 3:22:20 PM CST
            • 3. Re: EMM and Jailbroken Devices

              Nobody?  Nobody?

              • 4. Re: EMM and Jailbroken Devices
                JoeyMc

                Just curious...what are the legit reasons for jail breaking?

                Supporting jail broken devices sounds like a nightmare...almost as bad as supporting Android :)

                • 5. Re: EMM and Jailbroken Devices

                  Jailbreaking allows for working with apps outside of the Apple Store model.  It's certainly not illegal and there are real apps that the Apple Store does not support that are legit.  For example, there are several desktop modifications for productivity as well as apps like Wikileaks.  Wikileaks is not related to my business but I don't like the idea that Apple censors my apps.  On a corporate device, I can control this because if it doesn't relate to business, I have leverage.  But for corporate initiatives that support "bring your own device", I rely on EMM as my sole mechanism to ensure some safety.

                   

                  I've been told that a jailbroken device can't be remote wiped through EMM.  I just want to confim this and I'm surprised that Mcafee hasn't chimed in yet.

                  • 6. Re: EMM and Jailbroken Devices

                    Yo! I heard from a friend of mine from another company that uses Mcafee EMM that jailbroken devices can still be remote wiped (even selective wipe). Perhaps this can also be considered as a "control" for Administrators to wipe any device that has been discovered jailbroken by a "smart a** endusers" when they are not supposed to jailbreak their devices.

                     

                    I have yet to confirm this since our company is still planning on implementing EMM. But hope this helps.

                    • 7. Re: EMM and Jailbroken Devices

                      The functionality of EMM is not affected by jailbreaking your device, but how much protection it can offer is - The problem is, there's nothing to prevent the phone lying to EMM if it's jailbroken - apps could be installed to do anything, for example, fake that the PIN is enabled, silently forward your company email to a dropbox in Sweden, act as a rogue access point and forward network traffic over 3G etc...

                       

                      I don't believe it is wise for ANY company to consider allowing jailbroken devices onto their infrastructure. The risk for malicious use, viruses, trojans etc is too high.

                       

                      With PC's, there's 20 years of history and technology protecting you against PUP's etc, on an (unbroken) iPhone, we can't even deliver malware protection to you, as IOS is so closed it's not technically even possible.

                      • 8. Re: EMM and Jailbroken Devices
                        mat.kordell

                        First off +1 to SafeBoot.  And add to it that apps could be installed to prevent remote wipe as well.

                         

                        And to give a bit less technical perspective on what I'm hearing from you malangon, and no disrespect intended, but it doesn't sound to me like you are looking at this as a corporate tool but rather as a toy with which you should be aloud to do whatever you like.  While there may be legitimate reasons for jailbreaking a device there are not really any legitimate reasons to allow jailbroken devices onto a corporate network.

                         

                        Same reason most companies don't let you use outlook from a personal computer or download your CRM database to your iPad.  I can think of plenty of legitimate reasons to do those things it just wouldnt be very responsible to allow that to happen.