top of page
Search

An employer can monitor an employee's activity via their cell phone 24/7 if they download a company app

  • Writer: Axiom Staff
    Axiom Staff
  • Apr 24, 2025
  • 3 min read

An employer’s ability to monitor an employee’s cell phone activity 24/7 via a company app depends on several factors, including whether the phone is company-issued or personal, the scope of monitoring, legal constraints, and employee consent. Here’s a breakdown:

Feasibility

  • Company-Issued Phones: Employers can install apps (e.g., Mobile Device Management (MDM) solutions like InterGuard, Veriato, or Hubstaff) on company-owned devices to monitor activity 24/7. These apps can track calls, texts, emails, app usage, browsing history, location, and more, as outlined in my previous response.

  • Personal Phones: Monitoring personal devices is possible if the employee installs a company app (e.g., an MDM or monitoring app) and grants permissions. However, continuous 24/7 monitoring, especially outside work hours, raises significant legal and ethical issues.

  • How It Works: The company app, often integrated with MDM, requires employee consent to access device data. On iOS, this involves accepting an MDM profile (visible in Settings → General → VPN & Device Management). On Android, it may involve enabling Device Admin Apps or granting permissions. The app can then collect data continuously, depending on its configuration.

Legal Considerations

  • Company-Owned Devices:  

    • Under the Electronic Communications Privacy Act (ECPA), employers can monitor company-issued devices for legitimate business purposes, especially if employees are notified in advance.  

    • Some states (e.g., Connecticut, Delaware) require prior notification or written consent for monitoring.  

    • 24/7 monitoring is generally permissible if it aligns with business needs (e.g., data security, productivity) and is clearly disclosed in company policies.

  • Personal Devices:  

    • Monitoring personal phones 24/7 is legally risky without explicit, informed consent. Employees must voluntarily agree to install the app and understand the extent of monitoring.  

    • Laws in states like California (California Invasion of Privacy Act) or New York may restrict monitoring personal devices, especially for non-work-related activities or outside work hours.  

    • The Stored Communications Act (SCA) and state privacy laws may limit access to personal data (e.g., personal emails, texts) unless clearly authorized.  

    • Without consent, 24/7 monitoring could violate privacy laws, leading to lawsuits or penalties.

  • Federal and State Variations: Always consult legal counsel to ensure compliance with local laws. For example, California requires two-party consent for certain types of monitoring, while New York mandates notification for workplace surveillance.

Ethical and Practical Considerations

  • Employee Consent: Employees must be informed about what data is collected, how it’s used, and whether monitoring extends beyond work hours. A transparent policy and signed acknowledgment are critical.  

  • Scope of Monitoring: 24/7 monitoring, especially on personal devices, can erode trust and morale. Employers should limit monitoring to work-related activities (e.g., company apps, work email) and avoid accessing personal data (e.g., personal texts, photos).  

  • Technical Challenges: On personal devices, segregating work and personal data is complex. Apps like Microsoft Intune or VMware Workspace ONE can create work profiles to limit monitoring to business activities, but 24/7 access to the entire device requires broader permissions.  

  • Employee Pushback: Continuous monitoring may lead to resentment or workarounds (e.g., using secondary devices). Some employees might refuse to install the app on personal phones, citing privacy concerns.

Best Practices

  1. Clear Policy: Develop a written policy specifying what is monitored (e.g., app usage, location, work emails), when (work hours vs. 24/7), and why (e.g., security, productivity).  

  2. Consent: Require employees to sign a consent form before installing the app, especially for personal devices.  

  3. Limit Scope: On personal phones, use apps that monitor only work-related activities (e.g., via a work profile). Avoid collecting personal data.  

  4. Transparency: Inform employees about the app’s capabilities and provide access to MDM settings to verify monitoring.  

  5. Legal Review: Consult a lawyer to ensure compliance with federal and state laws, particularly for 24/7 monitoring or personal devices.

Example Software

Apps like InterGuard, Veriato, Hubstaff, or Microsoft Intune can be configured for 24/7 monitoring if installed on the device. They track location, app usage, and communications but require proper setup and consent. For personal devices, Intune or Workspace ONE are preferred for creating separate work profiles to limit intrusion.

 
 
 

Comments

bottom of page