Does anybody know how intrusive the Zscaler iPhone app is compared to the one on the computer?
Specifically:
- does it have access to my browsing activity on Google Chrome?
- can it read my Facebook messages?
My company claims that it will only track/log company sites and traffic but I don’t trust that statement as I am unsure how they can clearly distinguish that in browsing activity.
Is internet security enabled? If so, potentially very intrusive.
If only private access is enabled, likely not intrusive at all.
It’s a managed device so a company phone?
Depends. Are they running Cloud App control? Of course they can see all URLs etc. That’s how it works.
Of course! All traffic will be seen by Zscaler and can be read if needed except for bypasses configured from PAC or app profile VPN bypass. What policies are implemented? Cloud app, URL categories … Better to use the phone with ZCC for official purpose only.
I’m in a similar case, they installed an MDM profile, but it’s my personal device.
How do I know if they use cloud control? Can traffic on an iPhone be forcefully routed to zscaler at all times on a managed device?
The following is stated: “The Zscaler mobile application is only used for accessing internal company resources on your mobile device. There will not be any inspection of internet traffic unless you are connecting to a company website or mobile application.”
Why would you let them install an MDM profile to your personal device? It’s already been decided in courts that in the US a company cannot compel you to use your personal device for work purposes.
Then there shouldn’t be an expectation of privacy or any personal use on that device.
As far as the specifics, ZIA logs every transaction going across it so yes, a browsing history is easily constructed from that, and if SSL inspection is enabled then specific data could be garnered from the traffic. Now I’ve seen no evidence of being able to compromise username or passwords unless those are sent in clear text, which isn’t a Zscaler problem.
Now since it’s all logged, they may choose to simply ignore and accept personal traffic or they may have put some exceptions in to bypass non-business traffic but I default back to the simple stance that one should never do anything personal on a company asset, period.
- you may need to ask, or just try and post your SSN to Facebook (not serious)
- yes, all traffic can be forced
- I doubt they will not comply with their own stated policy. Penalties would be too severe and would definitely outweigh any benefit they would likely receive.
Fire up the Zscaler app on your phone. What do you see? Tunnel version is important as well.
With Zscaler, your policies will be enforced taking into account your identity and your device posture. You will see you are sometimes “on net” and other times you are “off net”
Big thank you! The app is not installed yet. They will push to my phone in a few days hence me investigating this in order to decide whether I should get a private phone in addition to the company one. I will revert once the app is installed.