barscaret-downcaret-leftcaret-rightcaret-upcheckchevron-leftchevron-rightfile-pdfinfoinfo-circlesign-in-altsignin text-widthtimesyoutube
Blog
3 min read

Separation of work and personal data on iOS and Android devices

AndroidAppleDevice and Data SecurityiOSMiradore Best PracticesMDM

3 min read

Andreas Handler

By Andreas Handler

The ability to separate data on Android and iOS offers various advantages for organizations and users:

  • Reduce the number of devices
    Instead of having to purchase both a private and a business device, a company device can be used privately (COPE = Company Owned, Personal Enabled), or a private device can be used for business purposes (BYOD = Bring Your Own Device).
  • Saving Mobile Costs
    By reducing usage to a single device, only one mobile contract is required. Business calls are then usually handled via VoIP solutions.
  • Data Protection
    Separation ensures that both business and private data are protected from unauthorized access.

Functionality on Android devices

On Android devices, a work profile is created using Managed Google Play technology. In COPE scenarios, the management mode “Fully Managed + Work Profile” is typically used, where removing or disabling the work profile is not possible.

In BYOD scenarios, admis need to choose the “Work Profile” management mode. In this case, the user can remove or deactivate the work profile. There is no visibility into apps installed by the user in the private part of the device after setup, and access to app data is restricted.

When the “Fully Managed + Work Profile” is enabled, the organization can remotely wipe the entire device if necessary; when wiping “Work Profile” (BYOD) devices, only the work profile is removed, and the private data remains intact.

The work profile (COPE & BYOD) allows the installation of apps that may also be used outside of the work profile. It behaves like a second smartphone within the smartphone.

Miradore - csm 26

Depending on the requirements, the following functions can be either enabled or restricted for the work profile:

  • Caller ID for company contacts
  • Cross-profile contact search in the phone app
  • Cross-profile copy and paste
  • Sharing contacts from the work profile via Bluetooth (e.g., for vehicles)
  • Sharing into the work profile, such as photos taken in the private area
  • Unified passcode for the device and the work profile
  • Widgets for apps from the work profile, particularly useful for calendars

Functionality on iOS devices

On iOS devices, separation of private and professional data is achieved through a configuration profile that prevents sharing “managed data with unmanaged destinations.” This may sound complicated but is actually very simple.

All data provided through MDM is considered managed. This includes data from apps and accounts distributed via MDM. All apps and accounts that are manually installed or configured on iOS are considered unmanaged.

A simple example:
An Exchange account is deployed via Miradore. The contacts synchronized to the device through this account are not visible to a manually installed WhatsApp app. Likewise, an email attachment, such as a PDF file, cannot be forwarded to a WhatsApp contact. However, if the Teams app had been installed via MDM, sharing the file through Teams would be possible.

iOS does not allow apps to be installed separately by profile: an app is either professionally or privately used. iOS system apps such as Contacts, Calendar, and Mail can access both private and managed data without violating the separation.

It is possible to view which apps the user has installed; however, as with Android, app data itself is not accessible.

When performing a remote wipe, the entire device is erased. When removing the device from Miradore, only the work-related data is removed.

In a nutshell

The advantages of separating professional and private data lie in cost savings without neglecting privacy or data protection.

In comparison, Android provides stronger separation, for example by blocking visibility into privately used apps. However, this also comes with disadvantages: for instance, a cross-profile calendar is not possible. Work profile widgets can help address this limitation.

iOS separates slightly less strictly, as it allows visibility into which private apps are installed on the device. However, system apps display both business and private data.

Andreas Handler Author background

by Andreas Handler

Andreas works as a Senior Technical Consultant and Customer Success Manager at Miradore. He has been part of the Miradore family since 2016 and is passionate about providing value to organizations by showing them how to increase efficiency with Mobile Device Management. Outside of work, you might find him bouldering or playing volleyball.

LinkedIn

Get started with Miradore

Take control of your mobile devices today with Miradore’s MDM solution. You can get started for free and try out the Premium+ features with a 14-day free trial — or explore our Showroom with a virtual device fleet.

No credit card needed.

Get started now See plans & pricing