Employer Access to Mobile Data

TL;DR

Yes, an employer can see cellular network traffic routed through a company-owned device. They typically do this using Mobile Device Management (MDM) software and/or by monitoring network connections at the gateway level. The extent of access depends on the policies in place and the MDM features enabled.

Understanding How Employers Monitor Company Devices

When you use a phone, tablet or laptop provided by your employer, it’s important to understand that they have more control over that device than you might think. Here’s how they can monitor your data usage:

1. Mobile Device Management (MDM) Software

Most companies use MDM software to manage their devices. This software allows them to:

  • Install and configure apps: They can remotely install, update, and remove applications.
  • Enforce security policies: Passcode requirements, encryption settings, and restrictions on certain features (like cameras) are common.
  • Track location: MDM often includes GPS tracking capabilities.
  • Monitor data usage: This is the key part for this question. MDM can log which websites you visit, apps you use, and how much data you consume. Some can even inspect the content of traffic (see section 4).
  • Remote wipe: In case of loss or theft, they can erase all data on the device.

Popular MDM solutions include Microsoft Intune, VMware Workspace ONE, and Jamf.

2. Network-Level Monitoring

Even without MDM, employers can monitor network traffic at the gateway level:

  • Firewalls & Proxies: Company networks use firewalls and proxy servers to control internet access. These systems log all websites visited by devices connected to the company network (including cellular data if routed through a company VPN).
  • VPNs: If you connect to a company Virtual Private Network (VPN), all your traffic is routed through the company’s servers, where it can be logged and inspected (within the limits that encryption imposes, see section 5).

To check if you’re using a company VPN, look for an application labelled ‘VPN’, ‘Cisco AnyConnect’, or similar in your app list.

3. Data Logging & Reporting

The data collected by MDM and network monitoring tools is usually stored in reports accessible to IT administrators. These reports can show:

  • Website history: A list of websites visited, timestamps, and duration of visits.
  • App usage: Which apps were used, when, and for how long.
  • Data consumption: Total data used by each app or user.

There isn’t a single command to see this data as an end-user; it’s accessible only through the IT department’s management console.

4. Deep Packet Inspection (DPI) – More Invasive Monitoring

Some employers go further and use DPI. This allows them to:

  • Inspect unencrypted traffic: They can see the actual content of the websites you visit when those sites don’t use HTTPS (secure connections).
  • Analyze app data: They might be able to see what you’re doing within apps, depending on how the app is designed.

DPI raises privacy concerns and may be subject to legal restrictions. It requires more sophisticated monitoring tools.

5. What About Encrypted Traffic (HTTPS)?

While HTTPS encrypts the content of your traffic, employers can still see:

  • The domain name: They know you visited ‘example.com’, even if they can’t see what specific pages you viewed.
  • Timestamps and duration: When you connected to the website and how long you stayed there.

Some advanced MDM solutions use TLS interception (also known as man-in-the-middle) to decrypt HTTPS traffic, but this is less common due to security and privacy implications.

6. What Can You Do?

  • Read the company’s mobile device policy: This document should outline what monitoring practices are in place.
  • Use your personal device (if allowed): If possible, using a personal phone or laptop gives you more control over your data.
  • Be mindful of your online activity: Assume that everything you do on a company-owned device is being monitored.