Microsoft Orders China Staff To Use iPhones for Work and Drop Android

Microsoft told employees in China that from September they'll only be able to use iPhones for work, effectively cutting off Android-powered devices from the workplace. Bloomberg: The US company will soon require Chinese-based employees to use only Apple devices to verify their identities when logging in to work computers or phones, according to an internal memo reviewed by Bloomberg News. The measure, part of Microsoft's global Secure Future Initiative, will affect hundreds of workers across the Chinese mainland and is intended to ensure that all staff use the Microsoft Authenticator password manager and Identity Pass app.

The move highlights the fragmented nature of Android app stores in the country and the growing differences between Chinese and foreign mobile ecosystems. Unlike Apple's iOS store, Google Play isn't available in China, so local smartphone makers like Huawei and Xiaomi operate their own platforms. Microsoft has chosen to block access from those devices to its corporate resources because they lack Google's mobile services in the country, the message said.

How about no

[Snotnose]

If you want me to use an iPhone for work then you can damned well buy it for me and pay the monthly fees. I have an android and have no intention of going anywhere near Apple's walled garden with anything, let alone something as personal as my phone.

Re:

[MindStalker]

This is only because Google Play does not exist in China, and there is no authentic Microsoft Authenticator app for Android.

Re: How about no

[ArmoredDragon]

Usually with Android you can count on hardware attestation for integrity, but given there's no Chinese certificate authority that you can actually trust to sign the attestation certificate and actually be trustworthy about the device integrity, them it's basically useless. I'd agree with Microsoft here, Android isn't really an option in China specifically for that reason. But that's a China problem, not an Android problem. That's what happens when you're governed by a well-funded mafia.

Re: How about no

[AmiMoJo]

Right, the headline is misleading because it's not actually Android at all. It's a custom OS built on the Android Open Source Project (ASOP), but can't carry the Android name or branding because it doesn't have Google's services installed. Those services are mostly blocked in China, so domestic manufacturers replace them with their own.

I guess whoever wrote the headline probably had difficulty choosing to imply that Android was insecure, or Huawei was insecure. Both make such great clickbait.

Re:

[Ol Olsoc]

Right, the headline is misleading because it's not actually Android at all. It's a custom OS built on the Android Open Source Project (ASOP), but can't carry the Android name or branding because it doesn't have Google's services installed. Those services are mostly blocked in China, so domestic manufacturers replace them with their own.

I guess whoever wrote the headline probably had difficulty choosing to imply that Android was insecure, or Huawei was insecure. Both make such great clickbait.

You forgot to add that the dreaded iPhone was involved, sure to trigger some here to outrage.

Re:

[LazarusQLong]

exactly, the first post in this thread has someone saying that they would never go anywhere near Apple's 'walled garden'. And honestly Microsoft wouldn't have to choose this requirement if the Various Chinese cell phone manufacturers could all get together and support at least these various security standards together. This really isn't about Microsoft or Apple, but rather speaks to the issues with the android derivative that the Chinese manufacturers all adulterate to make their own flavors.

Re:

[AmiMoJo]

The Chinese manufacturers support stuff that is popular in China on their China-only operating systems. It's Microsoft that doesn't want to use those standards.

For overseas models they support the international standards, e.g. Xiaomi devices come with all the necessary certificates and chain of trust for playing back protected media (Netflix in HD) and making payments via Google Pay.

Re:

[LazarusQLong]

yes, that is all true, but this article appears to be about Chinese manufactured cell phones in China and Microsoft saying that at least for the near future they only support Apple iPhones for login inside China for people working for them, not that they don't outside China. at least that is what it sounded like to me when I read the article. Did I miss something?

Re:

[codebase7]

hardware attestation

Chinese certificate authority

trustworthy about the device integrity

But that's a China problem, not an Android problem. That's what happens when you're governed by a well-funded mafia.

*Sigh* You completely missed the point....

The issue isn't that China does not have a Google verified authority. It's that China's government could mess with the hardware, (that they probably BUILT, FYI), in such a way that Microsoft's corporate credentials could be extracted and then reused by them.

No amount of certificates, code signing, or hardware attestation is going to fix that. Nor will Microsoft's demands of only using Apple hardware. (China builds Apple devices too, and has influence on the oth

Re:

[spudnic]

Yes, but built to the exact specifications that Apple intended.

Re: How about no

[ArmoredDragon]

The issue isn't that China does not have a Google verified authority. It's that China's government could mess with the hardware

If you understand hardware attestation, then you'd understand that this is exactly the point. The signer has to lend their own credibility to the hardware, and the consumer (of the attestation quote) needs to trust that the signer has done some due diligence. You won't be able to find that in China.

Re:

[Anonymous Coward]

What's to stop Microsoft from simply providing an authentic APK to Chinese employees? There's nothing that prevents an Android user from installing an APK from local storage.

Re: How about no

[mattaw2001]

I don't think the problem is the availability of the app. I think the problem is that no app can be secure if the hardware platform and/or OS are backdoored.

Android in China is not Google's, nor are the hardware platforms. iPhone and Android+ Google Play are inspected, reviewed, and signed/encrypted from the moment they are made.

I believe the push for Windows 11 to require the tpm security chip is to force PCs to be a more closed platform like phones, with everything from the BIOS up "trusted" by signin

Re: How about no

[drinkypoo]

It's also because Microsoft has management tools for iPhones. They do of course suck. The device has to be wiped to be managed, for example.

Re:How about no

[Tx]

Our summary here and paywalled article doesn't help, but from another article elsewhere, "Microsoft is telling its employees in China that they have to use company-supplied iPhone 15 devices for work."

Re:

[Ol Olsoc]

If you want me to use an iPhone for work then you can damned well buy it for me and pay the monthly fees. I have an android and have no intention of going anywhere near Apple's walled garden with anything, let alone something as personal as my phone.

You tell 'em bro!

Re:

[WeighedAndMeasured]

If you want me to use an iPhone for work then you can damned well buy it for me and pay the monthly fees. I have an android and have no intention of going anywhere near Apple's walled garden with anything, let alone something as personal as my phone.

If you'd bothered to RTFA you'd see that MS will be paying for the purchase of an iPhone 15 to use for work purposes, and that the employees can continue to use their personal Android phones for everything BUT authentication.

Re:

[registrations_suck]

Right.

So, article says that they are giving the employees the phones.

Since it is a work phone, they are undoubtedly paying the plan fees on them too.

So take a breath. Settle down. Relax. Go back to your porn.

Re: How about no

[SuperDre]

That's my sentiment too. If my employer forces me to use an iPhone or iPad for work, they should provide them. But I'll keep using my own phone for personal use, and outside office hours you can contact me on that one as the workphone will be turned off.

Re: How about no

[devslash0]

Don't forget to ask your company to also provide credit card details in order to create an Apple ID for you.

"HA HA HA! You think this is the real Mao?"

[Pseudonymous Powers]

Banning Android for your workplace in China for security reasons is like banning smoking on your submarine that's at the bottom of the ocean and full of seawater.

banning

[zlives]

did MS also ban windows products and only allow MACs for security initiative. only makes sense.

Can I still use my Zune?

[jfdavis668]

I assume Windows Phone isn't an option.

Go along to get along

[Comboman]

>>Unlike Apple's iOS store, Google Play isn't available in China, so local smartphone makers like Huawei and Xiaomi operate their own platforms.

Makes me wonder what concessions Apple made to the Chinese government that Google wasn't willing to make.

Re:

[Ed Tice]

Apple uses Baidu as it's default search engine in China. Now you know.

Re:

[Comboman]

Thanks. Knowing is half the battle.

Re:

[jamesborr]

Perhaps none, although a certain quote does come to mind: “I am altering the deal. Pray I don't alter it any further.” -- Darth Vader. The laws/regulations in China mean whatever the CCP wants them to mean on any given day...

Re:Go along to get along

[Pinky's Brain]

They put the iCloud servers for Chinese citizens in China, that's it. ADP still works and iMessage with ADP or without cloud backup is still e2ee. CCP will know if you use it though and I'm sure it's going to be noted in your file and is part of their heuristics for finding citizens to harass.

Most chat services in China are by Chinese companies any way, if iMessage gets too popular with Chinese normies the CCP might reconsider but for now it's not a real blow to their surveillance. I suspect iMessage e2ee is a line in the sand for Apple, they do have some leverage as far as prestige and economic importance goes.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Pinky's Brain]

Can't do sentiment analysis, profiling and pre-crime shit that way. They'll want to be able to datamine everything in real time. They'll just compromise a little for Apple.

Re:

[tlhIngan]

>>Unlike Apple's iOS store, Google Play isn't available in China, so local smartphone makers like Huawei and Xiaomi operate their own platforms.

Makes me wonder what concessions Apple made to the Chinese government that Google wasn't willing to make.

Google Play is not available in China because Google is not available in China. Google was never willing to set up an office in China. They had an office Hong Kong, and Google did work fine in Hong Kong, but because of the Chinese takeover of the SAR, they

crisis of control

[ne0n]

Somebody in China must hate Korean phones. I wonder why.

Only hundreds?

[bjwest]

The measure, part of Microsoft's global Secure Future Initiative, will affect hundreds of workers across the Chinese mainland

There's over 1.4 BILLION people in Mainland China, and this measure only effects hundreds of them? Microsoft seems to have a very small footprint in China.

TL;DR if you didn't RTFA

[WeighedAndMeasured]

1. The reason for this change is because MS is trying to improve their entire cybersecurity stance across the board.
2. China blocks the Google Play store, so Android devices cannot download or update MS Authenticator for employee use.
3. Affected employees will be provided - at no cost - an iPhone 15 to use for this purpose.
4. Affected employees may still use their personal Android phones for everything else.

A lot of you need to try to remember that not everyone is a power user, so not everyone roots their devices. People who even know how to root their devices are a super-minority of the entire Android userbase.

Plus it may be against corporate policy to use a rooted device (especially one that's used as an MFA) anyway.

RTFA instead of knee-jerking.

Re:

[znrt]

RTFA instead of knee-jerking.

you take this way too seriously. knee-jerking is what most people enjoy doing here. the whole issue is the insignificant pretext, it's just catchy filler content for bloomberg because it contains china and microsoft in the headline, and serves the same purpose in slashdot's echo chamber except they maybe even got paid some crumbs for the linkback too, but really, who gives a fuck about what phone a few employees that ms has in china got to use? you? really? i'd say not even ms.

No InTune?

[Vehemence]

But if these are company-supplied devices, they should be company-managed. So why are they not using InTune (Their own product!) and pushing apps internally which are acquired from the google play store stateside?

Could be worse

[Bu11etmagnet]

Could be worse, they could have ordered their staff to use Windows Phones

hardware tokens?

[LeadGeek]

It's indicative of a shit-show anytime you force employees to use their own devices for authentication. Company-issued hardware token based 2FA is a much better alternative.

Re:

[jaa101]

Relax: these are iPhones that Microsoft issues to its employees.