Tell me how you feel about companies that host their development, test and production environments on the same hardware, in the same DMZs, and on the internet using identical webpages, but nifty URLs with titles like "dev.____.com" and "test.____.com". I'm feeling froggy about stuff like this today.
I'd like a heavier bat. Did I tell you the web server in question is dual-homed to the internal production network to "make the connection to the back end faster"?
They are efficiency geniuses! What could go wrong? I mean, you don't really think I could find a source code repo with dev account secrets (hey, it's just dev systems) and then install a logger and crawl the service account chains from there and own the whole environment, right? Never happen.
God I love having to enter my personal and financial information into databases handled by people I probably wouldn't want walking my dog judging by the lack of common sense.
Military lab so you would be VERY incorrect. They do more scans than Russia did against the Clinton/DNC servers
I used to work for a company with many US Govt contracts. We had to maintain C2 security at a minimum, and higher for those working on govt projects. They required those control apps on any mobile device that had access to anything they owned or controlled. In that situation, with the total monitoring/control/tracking/access to content that those apps allow, I'd NEVER do anything personal on a device that the company controls. Not ever. The answer, as was alluded to above, is get a personal phone for personal use, and if the company requires you to have mobile connectivity, then either you or they supply a second phone for that purpose only. If they aren't being overly cheap, they will provide the device. If they won't but your job requires it, then find a way to expense/deduct it.
My company provides a phone for me. Like you I could choose to use my personal phone but would have to put their software on it. No way! I don't mind though. Got one phone that's 100% for work and on a different carrier. I've found myself without service more than once, but the other phone was good. I dislike having two phones in my pocket, but oh well.
I use my personal phone for work because I refuse to carry two devices. I get a minimal stipend of $45 per month that I didn’t request for the trouble and I have to have it listed in the company directory while answering it 24/7 365 which I would do anyway. I don’t give fuck all if they somehow have easily figured a way to spy on my actions. Better chance of them discovering they need to throw me another 40k than anything else.