PanicStation.org
UK USA
us Technology & digital loss unfamiliar device management profile • unknown management profile on phone • mdm profile i didn’t install • phone says managed by organization • supervised iphone message • vpn and device management profile • configuration profile on iphone • unknown work profile on android • android work profile appeared • device admin app i don’t recognize • profile installed after link • scammer told me to install profile • remote management on personal phone • my phone is enrolled in mdm • device management profile removal • worried phone is being monitored • corporate management on my phone • phone settings changed by profile

What to do if…
you discover an unfamiliar “device management” profile installed on your phone

Short answer

Stop using the phone for sensitive accounts, disconnect it from networks, and document the profile details before removing it—because deleting a management profile can remove settings, accounts, or work data tied to it.

Do not do these things

  • Don’t sign into banking, email, or password managers on that phone until you’ve checked what’s being managed.
  • Don’t follow instructions from a caller/text/chat claiming to be “Apple/Google/Microsoft/your bank/your carrier” telling you to install or keep a profile.
  • Don’t download “MDM removal” tools from random sites or let a stranger remote-control your computer/phone.
  • Don’t factory reset first if this might be a legitimate work/school device—resetting can cause lockouts or data loss.
  • Don’t assume the profile is harmless just because it has an official-sounding name.

What to do now

  1. Reduce risk immediately

    • Turn on Airplane mode, then switch Wi-Fi and Bluetooth off.
    • Use another trusted device for any urgent logins or account changes.

  2. Record what you’re seeing (so you can explain it clearly later)

    • Take screenshots of the profile screen: profile name, organization, “managed by…” message, and any listed VPN/certificates.
    • Note the date/time you noticed it and anything that happened right before (link/QR/app install/“IT help” call).

  3. Confirm where the profile lives on your phone

    • iPhone/iPad: Settings → General → VPN & Device Management (wording can vary). Open the profile and read who it claims to be.
    • Android: look for a Work profile (briefcase icon) and check Settings for something like Passwords, Passkeys & Accounts (or Accounts) where you may see Remove work profile. Names vary by device.

  4. Remove the unfamiliar management profile/work profile (if it isn’t clearly legitimate)

    • iPhone/iPad: choose Delete Profile and restart the phone. (Removing a profile can delete settings/accounts/apps installed by that profile.)
    • Android: if you see Remove work profile, use it and confirm deletion (this typically removes work-profile apps and data). If you don’t see it, you may need to remove the work account from the device settings instead; restart afterwards.

  5. Regain control of the accounts most likely to be exposed

    • From a trusted device, change passwords for: your main email, Apple ID/Google account, banking, and any password manager.
    • Turn on 2FA and review “devices signed in” / “recent activity” for Apple/Google and email providers; sign out anything you don’t recognize.

  6. Call your mobile carrier (official number) to reduce SIM/number takeover risk

    • Ask them to check for SIM swap/port-out activity and to add a stronger account PIN/passcode if available.

  7. Report if this looks like fraud or identity theft

    • For cybercrime/fraud reporting, file a report with IC3 (FBI’s Internet Crime Complaint Center).
    • If identity information may be misused, use IdentityTheft.gov (FTC) for a step-by-step recovery plan.

What can wait

  • You don’t have to decide right now whether you need a new phone.
  • You don’t need to hunt down the attacker or “prove” what happened immediately.
  • You don’t need to reset everything at once—start with network isolation, profile removal, and securing your key accounts.

Important reassurance

This is a common scam pattern and also something that can happen for legitimate reasons (work/school management, a used device, or a repair). The calm, effective move is to slow down, document it, remove it if it’s not yours, and lock down your accounts from a safe device.

Scope note

This guide covers first steps to stabilise and prevent irreversible mistakes. If the phone is employer/school-managed or you suspect targeted harassment, later steps may need specialist help.

Important note

This is general information, not legal or professional advice. If you believe you’re in immediate danger, call 911. If your device is tied to an employer/school program, confirm with their official IT/support channel before taking steps that could remove required access or data.

Additional Resources
Support us