1

I am using a rooted Epic 4G Touch (Sprint GSII) @ JB 4.1.2. I am accessing corporate email via MS Exchange ActiveSync.

I have recently been told that a rooted device is not permitted to access MS Exchange and my ActiveSync permissions will be turned off unless I unroot.

Does using a rooted device (i.e. superuser access) create any new security issues vis a vis MS Exchange / ActiveSync? Particularly, are any vulnerabilities there that would not affect a stock/unrooted user?

If so, how is this different from remotely accessing MS Exchange (OWA, etc) via a Windows or Linux computer with admin rights?

Thanks Stephen

user43524
  • 11
  • 2
  • Exchange is the last thing I would let touch my device. It literally locks it down by installing a device manager, taking away the freedom to decide for yourself what kind of device lockscreen to use, or whether you really want to encrypt your device. To me that looks like selling my soul. If a customer wanted me to use Exchange on a mobile device, he should provide the device as well. OWA is just Web access, and not that integrated into the device (guess that brings some limitation along when it comes to supported features). No data is stored on the device with OWA AFAIK. – Izzy Oct 18 '13 at 21:45
  • Thanks for the feedback. I agree the restrictions imposed by exchange are excessive, but that's the job i've got and it is BYOD. What I am looking for, really, is information on how/why a rooted device creates security issues for the server-side exchange/corporate network. – user43524 Oct 19 '13 at 21:28
  • Understood, and apologies for my "rant". For above mentioned reasons (and having no need for it), I've never investigated closer into Exchange stuff. But with root powers it should be possible to circumvent the one or other restriction imposed by its setup, which one could count a "security issue" (from the Exchange admins point of view, as the Android user could trick his rules this way). And considering sensitive enterprise data being stored on the device (as opposed to OWA, which shouldn't store anything), this is even understandable. – Izzy Oct 20 '13 at 00:23
  • See: override security policy, avoid security policy, remove corporate settings – just to name a few examples. – Izzy Oct 20 '13 at 00:33

0 Answers0