> This applies to work-managed devices and doesn’t affect personal devices.
If I don’t own the device, I assume that anything and everything on it is fair game because that’s what it says in every employment agreement I’ve ever signed.
Agreed but a problem is when employers require installing software on personal devices (like phones) in order to access fully work-managed devices. How does one know that the 2FA software is not sending out other data? This is my concern because many work places seem to expect employees to use their personal phones in this way.