Hi all. I just got a new Pixel 8. It’s my first Android phone. My work uses Google Workspace but doesn’t use work profiles or manage devices in any way. I’d like to be able to do the following from my phone.
- Check email
- Check calendar
- Join Google Meet meetings
I looked around to see what our IT person might be able to see if I add this account in the phone’s settings, but I could only find stuff related to work profiles. Anyone know? Any reason I shouldn’t add it this way?
Thanks in advance!
Check out Shelter. It will allow you to leverage the work profile feature for yourself.
Thanks! I installed this and it seems like it will do almost exactly what I want. I think I’d still prefer to have a calendar app where I can see both work and personal, but I can leave that as a project for another day.
You should be able to get an ics url from the calendar sharing settings and import it into your current calendar app without needing to add the account. You won’t be able to change things from your personal account but you should be able to see events.
Very similar app also available called Island. Basically the same function, allows you to make a locally administered work profile instance, and then you can copy items over from the main instance and keep them up to date passively from the play store.
And to take it a step further, Insular is a fork of Island that is completely FLOSS
Full-time Workspace admin here. My company currently doesn’t manage devices or use work profiles either. I can’t see anything on a user’s device, the most I can do is block the device from syncing or wipe the data owned by the work account (but not touch your personal apps or files). The admin documentation is actually public at support.google.com/a/.
If data is needed it’s going to be on request from the security, compliance, or legal teams. Your particular use case is pretty low risk. By default the Gmail app caches the last 30 days of email, but those are stored within your work account on the cloud anyway. So I could get what they need regardless of your device. There would be more risk if you were downloading local copies of Google Docs or something.
To lower the risk further you could make a totally separate user on Android (with its own PIN, homescreen, apps, etc). The OS should partition that off and encrypt it so it can’t even interact with your personal data. However you’d have to switch logins if you want to access personal stuff. I haven’t tried the other sandboxing software mentioned here so I can’t vouch for it, but that could be a lot more convenient.
Of course for zero risk of your phone being confiscated in a litigation sweep, it’s best to just have a totally separate work device. That’s what I do.
Thank you! I really appreciate getting concrete info on what can / can’t be seen by IT admins.
I don’t know about your scenario but I recently started using Insular to manage separating my work apps on my phone and that’s been great
I’m against adding work stuff to personal phones, but if you have to, you have to. So I try and set it up as a separate/logical phone within a phone.
For Pixels, I always install GrapheneOS regardless, “the private and secure mobile operating system with Android app compatibility. Developed as a non-profit open source project.” https://grapheneos.org
Then for work, I’d use a separate profile with only the needed apps for separation and, increased security and privacy: https://grapheneos.org/features#improved-user-profiles
I use the Outlook app for separating entities before I learned that work profiles were a thing and that my company has them turned on. Gives me different notifications I can control instead of all through Gmail, it’s still sandboxed because O365 does the same containerization, and it also does calendar syncing.
My only complaints are it doesn’t handle password changes very well (have to completely re add my profile when it’s time), and it is Outlook focused so it misses some Gmail features. This also doesn’t solve your Google Meet problem, but at least it’s two out of the three.