I installed GrapheneOS on my Pixel 4a and got google services up and running. I followed my corporate instructions to get mobileiron setup for a work profile. I appears that mobileiron go uses google services to create a work profile all goes well until somewhere in the work profile setup i get a notification stating that the work profile has been deleted and mobileiron go gets disabled. Is there anything else i should be doing?
GrapheneOS and MobileIron
Request a corporate device from the employer so you haven't to use your own for work purposes?
- Edited
dc32f0cfe84def651e0e that would be nice, unfortunately not an option
I was hoping grapheneos would be able to support my need case.
More information, it appears that graphene was not giving mobileiron go my phones MEID or SN.
- Edited
Due to its nature, I don't believe it will work properly.
However, even if you manage to install it somehow, note that Mobile Iron has Administrative rights on your phone plus it provides a lot of info to whoever manages Mobile Iron at your company.
At the very least, they can locate, lock, issue a Lost Phone command, or even wipe your phone remotely. Not saying that they can see all the installed apps and Mobile Iron can also enforce its own policies, for example, disallowing to install any app outside of Google Play store. Your phone will virtually become a company-owned device.
These enforcements will apply to your normal profile too as this is where Mobile Iron will be installed (it will create the Work space automatically during install).
My personal opinion - not worth it privacy-wise, even if you manage to install it somehow.
bbarnes11 I believe GrapheneOS by design stops apps from getting your IMEI and hardware serial number.
If the goal is to turn control of a phone over to an employer then the stock OS will likely work and GrapheneOS may well not. Hence the suggestion of getting a second device. Older devices are often cheap secondhand.
I don't disagree. But the options are google with mobileiron or grapheneos with mobileiron. In the later case i only have to care about one company and privacy. Clearly grapheneos will not work for me.
Thanks
bbarnes11 MobileIron's web site seems to indicate thst admins can require SafetyNet--either just basic, or CTS profile checking.
I am not an expert, but I believe GrapheneOS inherently can't pass non-basic SafetyNet. So it's not clear that IMEI and serial number would be enough -- or would continue being enough if you did get an install to work temporarily, if your employer's admin changed settings.
If it's the case that your employer (like some bank apps) requires a stock OS, then a non-stock OS won't work -- even though a random vendor's stock OS might be less secure than GrapheneOS.