Delta Hub Could Access Personal Phone Data After TikTok Deletions

(DELTA, UNITED STATES) Delta pilots say they uncovered extensive company access to data on their personal phones after some were ordered to delete TikTok, prompting a union grievance and a swift review of how the airline’s internal app manages employee devices. The discovery focused on the Delta Hub app, which pilots use to access schedules and company systems, and how it installs a “personal managed” profile that can transmit information including a list of all apps on the device, the IP address, and potentially location details.

Pilots traced the issue back to calls from their Chief Pilot to specific individuals who had TikTok installed, instructing them to remove the app from their personal phones. The calls were not sent broadly to all staff but targeted only those with TikTok on their devices, leading pilots to conclude the company could see what apps were installed even on personal phones used for work access. As word spread among cockpit crews, messages and posts from Delta employees voiced anger and uneasy surprise that work software could open a window into their private digital lives.

“Pilots at Delta Air Lines made the horrifying discovery that a company mobile app installed on their personal cellphones could give the airline access to a wealth of personal data,” the union said as it began to probe what the Delta Hub app can see and share.

The Air Line Pilots Association (ALPA), which represents Delta pilots, moved quickly to investigate and filed a grievance seeking full transparency on the scope of data collected and who could access it within the airline.

“Through their union, Delta Pilots filed a grievance. The resolution process dictated that Delta Pilots’ IT Committee would get a demonstration from management showing what management can see in the Hub app,” ALPA said.

The union’s IT Committee, led by First Officer Justin Vandermark, pressed the company to detail the data flows and the technical controls linked to the app’s device profiles. Vandermark discussed the issue on a union podcast, laying out how the app’s configuration can blur lines between necessary security and intrusive monitoring when it sits on personal phones.

“With a Personal Managed profile, you’re basically installing a mobile device management profile onto your personal device that gives management the ability to see more information than they really need about your device, including IP address, networking, what apps are installed, and potentially location information,” ALPA’s IT guidance said.

The statement underscored why pilots bristled at learning that work access could also expose what else sits on their handsets, from social media to banking and health apps, even if the company was not actively harvesting content from those applications.

The flashpoint was TikTok. Delta’s action followed a U.S. government directive barring TikTok and other ByteDance applications from devices used in federal work and by federal contractors. While many organizations limit such bans to company-issued phones and tablets, pilots said Delta extended the prohibition to personal devices used to access company systems, which is how most crew members use the Delta Hub app day to day. The federal stance hardened last year when the Office of Management and Budget issued government-wide implementation guidance for the TikTok ban; airlines with federal contracts have had to align their device rules with contractor requirements, according to OMB Memorandum M-23-13.

Pilots said it was the targeted phone calls—only to people with TikTok installed—that revealed the scope of visibility the company had into their personal phones through the Delta Hub app’s profile. The specificity of those calls alarmed crews and their union, which argued the company should spell out exactly what data is visible and how to limit access when employees use personal phones for work. ALPA said the initial messages it received from pilots described a pattern of “direct calls” instructing the deletion of TikTok, rather than a general advisory to all staff, which in turn tipped pilots to the app-level information available to the company.

Reactions from employees were immediate and visceral.

“All work apps have been deleted from my phone I’ll just use the phone they gave us,” one employee wrote in a comment widely shared among pilots and ground staff.

Another person, echoing frustration over company reach into private devices, said, “They better be paying my cell phone bill too then….” For many, the episode revived a long-running debate in aviation and other industries that rely on personal phones for two-factor authentication and work app access: how much control should an employer have over a device the worker pays for.

ALPA formally engaged Delta and secured an invitation to the airline’s headquarters in Georgia, where company IT staff walked union representatives through what the Hub app collects and what it does not. Pilots said the session helped clarify the distinction between the “personal managed” profile, which places the device under mobile device management controls, and a “personal unmanaged” profile, which allows access to necessary work apps while keeping most personal device data out of view from the company. The union said the unmanaged profile limits employer visibility to the device type and which Delta apps are installed, a level of access pilots described as proportionate to work needs.

Delta’s IT team, according to ALPA, showed how the managed profile can collect network and device-level information, including the IP address the phone uses to connect, the catalog of installed applications, and the technical capability to track location. ALPA noted that while location tracking is a capability of device management, the union pressed for guarantees around whether and how such data could be activated or used. Pilots said the lack of early clarity—combined with the targeted TikTok deletion calls—fueled concerns that routine work access was opening a back door into their private lives.

The union’s intervention produced concrete steps. Delta provided instructions for employees to remove the “personal managed” profile and switch to “personal unmanaged,” which the union said significantly limits employer access to personal phone data. For iOS users, ALPA’s guidance told pilots to open Settings, tap General, then go to VPN & Device Management and delete the device management profile—steps that would move the phone out of the managed category before reinstalling only the Delta apps needed for work. The union framed the shift as a practical way for pilots to keep using personal phones without surrendering a detailed map of their digital footprint.

The dispute also cast a spotlight on how the Delta Hub app is configured by default. Pilots said that when they installed the app, it automatically enrolled their phones under a “personal managed” profile unless they took extra steps to opt for “personal unmanaged.” That default posture meant many Delta pilots and other employees may have been sharing more data than they realized from the moment they set up work access. ALPA urged members to check their profile status and to use unmanaged settings unless they were relying on a company-issued device, which could remain under full management without privacy concerns spilling over into personal use.

For pilots, the broader issue is the balance between necessary security and maintaining a reasonable privacy boundary when personal phones serve double duty as work tools. Mobile device management is common across industries for securing sensitive systems and enforcing compliance, especially when federal contracts are involved. But Delta pilots argue that the specific choices matter: whether the company relies on managed profiles on personal phones, whether it offers fully functional access through unmanaged setups, and how explicitly it communicates what data can be seen and under what circumstances.

ALPA said the grievance process remains a key tool to set those boundaries in writing. The union wants the airline to commit, in clear policy language, to the limited data view offered by the unmanaged option for employees who prefer to keep their own phones outside corporate management. It also wants regular transparency about any changes to how the Hub app handles device data. Pilots who had already deleted the Delta Hub app from their personal phones said they would continue using only company-issued devices until they were confident the unmanaged setup was fully supported and that access on personal phones would not quietly re-enroll them into the managed profile.

While some pilots said the explanation from Delta’s IT team was helpful, the initial experience left a mark. Crews said they did not want another surprise like the targeted calls about TikTok, which exposed how much the company could see. Several pilots said that, even with assurances, they planned to keep their personal phones clear of any work software and rely solely on company hardware for access to schedules, manuals, and internal communications. Others said they would reinstall the Hub app only after confirming the “personal unmanaged” status and verifying that no management profile remained on the device.

The incident rippled beyond pilot ranks to other Delta employees who also use the Hub app, from dispatchers to ground operations staff who rely on personal phones to check shifts and updates. Many shared the same concerns: the list of installed apps can reveal a lot about a person’s life, from hobbies and politics to health conditions. Even if a company does not read content in those apps, the metadata alone—app names, network addresses, time and location connections—can paint a detailed picture. For a workforce that often travels and connects through hotel and airport networks, the idea that IP address and location data might be visible added to the discomfort.

Delta’s clarification around the two profile types gave employees a practical path to limit access without losing the ability to do their jobs. The company’s step-by-step instructions to switch to “personal unmanaged” mirrored the union’s guidance and were shared widely among crews. ALPA told pilots to treat their phones as personal by default and to use the company-issued devices for any workflow that demands full management. It said pilots should periodically review their settings to ensure the Hub app had not added a device management profile back onto their phones after updates.

For now, the dispute appears to have eased, with both sides acknowledging that unmanaged profiles substantially reduce the data the airline can see on personal phones. But pilots say the episode underscores why unions press for contract language on digital privacy and for ongoing oversight of employer technology. With new security requirements coming from Washington and companies tightening controls on any device that touches their networks, pilots expect the question to keep resurfacing: if work moves onto personal phones, where does personal privacy begin and end?

The union maintains that the lesson from the Delta Hub app is straightforward. Device management may be necessary on company hardware or when a task demands it, but it should not be the default for personal phones used for basic access. ALPA said it would continue monitoring updates to the app and advising pilots on how to keep work functions separate from their private lives. The pilots who raised the alarm said that is all they wanted in the first place: clear rules, clear choices, and no surprises about who can see what on the device in their pocket.

Pilots say the events of recent weeks delivered one more reminder about the power of defaults in technology and the importance of transparency. If the default is managed, employees may unknowingly grant broad access; if the default is unmanaged, they can decide when to trade more privacy for specific work needs. For Delta pilots, the option to keep the Delta Hub app on personal phones without granting a deep look into their other apps, IP addresses, or location is the kind of middle ground they had expected. The grievance and subsequent demonstration at company headquarters have, at least for now, pushed airline management to that middle ground.

The union’s message to members has settled into a simple refrain: check your phone, switch to “personal unmanaged,” and use the company-issued device when a task truly requires management profiles. And for pilots who choose to keep work off their own phones entirely, the lesson is even simpler, captured in a line that ricocheted through text chains and group chats after the TikTok calls: “All work apps have been deleted from my phone I’ll just use the phone they gave us.”