Syncing an exchange account gives remote wipe capability
| Originator: | raylillywhite | ||
| Number: | rdar://32023402 | Date Originated: | 05-05-2017 |
| Status: | Open | Resolved: | |
| Product: | iOS + SDK | Product Version: | |
| Classification: | Reproducible: |
Area: UIKit Summary: Syncing an exchange account gives remote wipe capability to the server admin without any management profile being installed or without any warning or confirmation from the user. Steps to Reproduce: 1. Setup an Exchange account on iOS 2. Use the Exchange server to remote-wipe the device Expected Results: Setting up the Exchange account should not give full remote-wipe capability. The remote wipe should only affect the data that was synced by Exchange. Or at a minimum, the user should be prompted while setting up the Exchange account to grant remote wipe privileges instead of it happening automatically and silently. Actual Results: The Exchange server can remote wipe your data, without ever showing a warning about this to the end-user. Version: iOS 10 Notes: Configuration: Any iOS device Attachments:
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!