Block contact access for whatsapp

Avatar
expand collapsive

A bunch of our mobile devices both ios and android have apps like whatsapp and viber for communication. We want to block access of these apps to contacts for security reasons. Does hexnode support blocking contact access for specific apps…

All Replies

  • Avatar

    Fabio

    Participant

    Fabio

    Participant

    They are personal devices of our employees. The apps are for personal use as well. We don’t want them to access corporate contacts. We have a wfh situation going on, its just a temporary measure until we can ship them their work stations.

  • Avatar

    Ethan Miller

    Hexnode

    Ethan Miller

    Moderator

    That’s alright, @Fabio. Since these are personal devices with personal apps, we need to separate them from corporate data. For employees using their personal iOS devices, we can limit unmanaged apps from accessing managed content. For example, you can sync your corporate contacts on Exchange ActiveSync or CardDAV to the device to have a managed contact list. You can configure these by navigating to the Policies tab under iOS and associating them with the devices.

    Once the contacts are managed, navigate to the Policies tab, select iOS and click on Business Container and disable Unmanaged apps can read Managed Contact Accounts. This will prevent the personal apps from accessing the corporate contacts and limit access to just the personal contact list. Business Container prevents personal and corporate data from interacting with each other by limiting data flow between managed and unmanaged apps.

    For Android devices, we recommend setting up a work profile on the employee device to separate work apps and personal apps. Apps on the personal profile will not have access to the contacts in the work profile. Check out the steps to enroll a device in Android Enterprise profile owner.

    Hope this answer meets your requirement.

    Ethan Miller
    Hexnode UEM

  • Avatar

    Fabio

    Participant

    Fabio

    Participant

    Thank you so much Ethan! We will roll out these policies soon. Once our fully managed corporate devices are shipped to them, we can have them fully move on over to those devices. How much do these policies differ for corporate devices?

  • Avatar

    Ethan Miller

    Hexnode

    Ethan Miller

    Moderator

    I understand, @Fabio. Ideally, personal apps are not allowed on corporate-owned devices. Apps that hinder productivity are usually blacklisted on corporate devices. If relaxations are allowed, certain restrictions can be configured in iOS to limit interaction between personal and corporate data.

    Managing content in corporate-owned devices is easier as we have more control over the device. As mentioned earlier, we can prevent personal apps on corporate devices from accessing corporate contacts using Business Containers. Since the personal app is unmanaged and the contacts are managed, you can disable the option Unmanaged apps can read Managed Contact Accounts.

    On Android, devices enrolled in Android Enterprise device owner does not have a way to restrict personal apps from accessing work contacts. However, you could prevent the user from installing personal apps on the device by blacklisting such apps or whitelisting the apps that are essential to your use case.

    Hope this answer suits your requirement.

    Ethan Miller
    Hexnode UEM

  • Cecelia

    Cecelia

    Participant

    Cecelia

    Participant

    we have a similar scenario, but our employees use their personal devices for work communication. We don’t want the work app to access their personal contacts. We have asked them to enroll their devices to the uem. How do we do this remotely?

  • Avatar

    Ethan Miller

    Hexnode

    Ethan Miller

    Moderator

    Hey @Cecelia,

    Thank you for choosing Hexnode!

    If a corporate-based communication app is installed in your employee’s personal device, and you want to prevent it from accessing their personal contact, install the communication app as a managed app with Hexnode. Use Business Container to disable the Managed apps can write to Unmanaged Contact Accounts option. This will prevent the corporate app from accessing and modifying unmanaged personal contacts on your employee’s device.

    On Android devices, we recommend setting up a work profile to prevent work apps from accessing personal profile contacts and data.

    Hope this answers your queries

    Ethan Miller
    Hexnode UEM