My employer is about to implement an MDM (Mobile Data Manager) on our Exchange server. One of the recommended policies is to prohibit "rooted" Androids and "jailbroken" iPhones. The standard line is that "it's a security risk". However, not one single person, even the MDM vendor, can verbalize a single security "risk" associated. They just keep saying that "it is a huge risk".
Mind you, my personal feeling is that me getting work email on my phone is a benefit to my employers and definitely NOT to me. I will gladly return my $75/month stipend to never receive another work email as long as I live. But, we need to establish how many people will fall into this category and how important it is to deal with it and how to proceed.
I've been searching Google for about 30 minutes and I only came across a single article that discusses this issue, and virtually none of the risks apply to us because we are only offering MS Exchange email sync to the device and we will be enforcing a user password screen unlock. And we will be able to wipe the corporate email application and data from the device if the user loses it.
So, can anyone here give me real, verifiable security risks of allowing rooted Android phones or jailbroken iPhones to connect to our Exchange server?
To be honest, since I carry an Android, that is all I've really looked at. If iPhones are vastly different, I haven't run across it yet.