What is the privacy conern of using Microsoft apps for work and employment on your main profile?

I know that there are ways of separating the work apps we use from the rest of what we do on our devices. This is normally discussed in the context of Android because you can have different user profiles on there whereas you can’t on iOS.

What I don’t get is who those apps are leaking data to and what data they’re leaking. In my case I’m using stock Android on a Pixel 6 and I use Microsoft Outlook, Teams, and a few others right along side all of my other apps. I know Google knows some things. I know Microsoft knows some things. What data if any is my employer getting? If they’re not getting any data, and I don’t see how they are, then I don’t see a reason for separating those apps into their own profile.

My situation may be more unique because I know that sometimes employers will force you to install an app that’s specifically so that your company’s IT department can manage your device. I had that in a previous employer, but they also gave me a phone to use. In that case I understand why you would want to isolate that app.

So besides the scenario where an IT department is literally trying to manage your phone, what data do I have to worry about my employer getting through the basic Microsoft apps, or similar apps that are used for work?

1 Like

As Android sandboxes apps, there shouldn’t be a need to put them in a separate profile. The main way data can be shared between apps is with the Android advertising ID, which can be disabled in settings.

I don’t see any need for a separate profile, although I like to use the work profile feature as I can disable the apps and therefor stop getting notifications when I am back home. Not for privacy, just nice to not be bothered with notifications

The usability control is definitely a valid point, but it does seem like my understanding is being validated. I do also have the advertising ID turned off, so I’m covered there as well.

If your IT department hasn’t installed an MDM/Device Administrator on your phone, then I can’t think of much of a difference out of the box. Of course, installing work apps in your personal profile runs the risks of you granting them permissions to access your personal data, if one asked for calendar or contacts permissions, or gallery or files access for example. Android Work Profiles let you grant contacts permissions on your phone so you have your work directory easily accessible without making your personal contacts available to your work’s app, same with calendars, etc.

Work Profiles also allow you to have duplicate apps installed, which is handy if any of the apps you use for work you also use personally, which is applicable to some people. And Work Profiles can be switched off, so you can disable them all at the end of the day.

Personally, I don’t install or log in to any work resources on my personal devices, and I don’t log in to any personal accounts on my work devices (this is a tangent, but applicable to anyone issued a laptop for work: IT-managed devices are notoriously insecure and you should not do anything personal on them).

One legal concern: If your workplace is involved in a lawsuit and you have case-related work information on your phone, your device(s) may be subject to a subpoena.

2 Likes

Thanks for this note! I went through and cleaned up the permissions for these apps. There were two that had access to files that I don’t think they need.

I’m going to think about how I can implement this because I’d rather go in this direction than worry about work profiles, at least until Google implements a native version of this feature. As I’m thinking about it, I can think of some folks I work with who do not have some of these Microsoft apps on their phones. If they can get away with it, maybe I can also.

Hmm, this adds some fuel to the flame of just removing these apps entirely.

1 Like