A parent submitted the following concern about the AirWatch app on their child’s iPad:
There seems to be a general concern about AirWatch. Is this something new being added this year?
Are you installing it on iPads kids bring from home?
What information will the school be capturing from iPads brought from home.
As I understand it the school could pull the full hardware and software inventory. See phone numbers, carrier IMEI, serial number, OS Version, app inventory, GPS location, network IP’s, is encryption enabled, see pins. Can force a trusted certificate authority on at home device, set a required proxy, break ssl on all web traffic, force device to connect to the schools VPN at all times. The school could see all personal email, snapchats…. etc on a home device.
I know many families may choose to enroll in school provided iPads knowing the school has the capability to see every key stroke and therefore risk having encrypted information stolen from an outside source.
The privacy of your child is of the utmost importance to the Mendon-Upton Regional School District. Here is some information about what AirWatch is, what it has the capability if doing, what the district intends on doing with it, and the steps you can take to protect your child’s privacy.
What is Mobile Device Management (MDM)?
Mobile Device Management, or MDM, is a way for organizations to automate a number of tasks that are commonly done on mobile devices, including iPads. This can include restricting settings, installing shortcuts, distributing apps, and locating lost devices. There are many MDM providers out there, including JAMF Casper (which was used previously in the MURSD) and AirWatch.
What will this do to my child’s iPad?
Enrolling your personal, “BYOD” device in AirWatch will do a few things:
- Allow the school district to distribute paid apps to you at no cost.
- Allow the school district to distribute important shortcuts to you (including shortcuts to iStudent, iXL, Moodle, and other websites your teachers want you to use regularly).
- Allow the school district to send you important reminders or announcements directly to your iPad (no school announcements, information about updating your iPad, and more).
- Allow technology staff members to locate your device in the event it goes missing.
It is important to note that by enrolling your device in AirWatch, it will NOT allow the district to:
- Monitor your every move, including the websites you visit. It simply does not give us this capacity.
- Monitor your every keystroke and activity within apps. The district will not use any kind of features that allow this.
- Turn on and off the camera and microphone at will so we can see and hear what you are doing. MDM’s don’t allow this invasion of privacy.
Does my child have to enroll their device?
You must enroll your device to receive many apps that the district wants you to use that are paid. You must also enroll your device to take advantage of the highest internet speeds available in the schools. If you do not enroll your iPad, you may be required to join a “guest” network that is significantly slower and may disrupt your ability to access the internet at school.
To address the specific concerns listed above:
- Full hardware and software inventory – This information is collected and is necessary for the MDM to be able to properly assign purchased apps. If a child already has a paid app on the iPad, the MDM will not install a new copy of the software and there will be no impact on the device.
- See phone numbers, carrier IMEI – The MDM will only be installed on iPads, not personal cell phones. Because of this, there is no information regarding phone numbers or carrier information sent to the MDM.
- Serial number, OS Version, app inventory – This information is collected and is useful in the event of locating a lost device. It also allows us to make available needed apps and purchased apps to the students
- GPS location, network IP’s, is encryption enabled – Because the iPads require a Wi-Fi connection in order to send this kind of information, the iPad only retrieves GPS location when the device is connected to Wi-Fi. Users also have the option to restrict the AirWatch agent’s access to the device’s location by turning off access to location under the “Privacy” settings in the Settings app. Further information about protecting your child’s privacy on the iPad can be found here.
- See pins – The MDM does not allow us to see the PIN’s or Passcodes set on the device. We do have the ability to wipe the passcode from a device, if the student forgets what the passcode is. The MDM does not allow us to see or wipe the parental restriction passcode that you set on the device.
- Can force a trusted certificate authority on at home device, set a required proxy, break ssl on all web traffic, force device to connect to the schools VPN at all times. The school could see all personal email, snapchats…. etc on a home device. – Although these capabilities are available in an MDM, the district does not use any of these features. We consider this an invasion of privacy and is not something that district engages in or plans to engage in the future.