The geolocation of corporate mobile devices is a topic that raises questions, particularly from employees or staff representatives. In a context where data protection and privacy hold a significant place in businesses, all stakeholders must understand how these technologies work and under what framework they can be used.
Mobile Device Management (MDM) solutions allow organizations to administer their professional smartphones and tablets, as well as employee-owned mobile devices used for work purposes. Certain features, such as geolocation, can cause concern if their operation and limitations are not clearly explained.
In this article, we take a look at how geolocation works in an MDM environment and the technical safeguards in place to protect privacy.
An important distinction between different management modes
To understand geolocation in an MDM environment, it is important to distinguish between the different device management modes. Not all devices allow the same level of control for the company
Devices used for professional and personal purposes
When employees use their personal devices (TinyMDM’s BYOD mode) or a work device on which a personal space is permitted (TinyMDM’s WPCO mode), the separation between work and personal use is strictly enforced.
In these configurations, geolocation-related actions are technically impossible for the company, particularly accessing the device’s location and viewing its location history.
This separation is intentionally implemented to ensure that the employee’s private space remains completely inaccessible to the organization.
Devices used exclusively for professional purposes
In other cases, devices are provided by the company and intended exclusively for business use. This is particularly true for devices used in kiosk mode (devices limited to one or more applications) or in fully managed mode.
In these configurations, certain advanced features, including geolocation, may be available. However, they are not enabled by default. It is up to the company to decide whether to use them based on its operational needs.
A regulated and transparent feature for users
When geolocation is enabled, its use must not be discreet or hidden.
When a work device in fully managed mode is being tracked, the user is notified. A persistent TinyMDM notification indicates that location tracking is active.
Also in fully managed mode, the user retains visibility into which apps have access to geolocation. In particular, they can verify whether or not the management app has permission to access the location.
If a device is in kiosk mode with notifications enabled, the user can also see this persistent notification. However, if notifications and settings are hidden, the user will not see this information on their device.
This transparency helps build trust between the company and users of corporate devices.
Limited management of location data
Privacy protection also depends on how data is stored. Best practices recommend applying the principle of data minimization, which involves collecting and storing only the information that is strictly necessary. As a result:
- Geolocation data is stored for a limited period of time
- The number of recorded locations is limited
- Data is automatically deleted after a certain period of time
For example, some solutions apply stricter policies than standard recommendations. TinyMDM, for instance, limits data retention to a maximum of one month and the last 50 location points. Beyond that, the data is automatically overwritten.
Furthermore, when a device is reset, the location history is deleted immediately.
Conclusion: regulated geolocation for business use
The geolocation of work devices may raise legitimate concerns, but its operation is based on technical, organizational, and regulatory safeguards.
The distinction between personal and work devices, transparency toward users, and limits on data retention all serve as safeguards to protect employees’ privacy.
When used in this context, geolocation is primarily a tool designed to improve employee safety, protect equipment, and facilitate certain business operations, while respecting user rights.
It is precisely with this in mind that an Android mobile device management solution like TinyMDM was designed: to provide businesses with the tools to manage their work devices while incorporating robust technical safeguards and a usage framework that respects employee privacy.