This article provides some answers to frequently asked questions about Sophos Mobile Encryption 2.2. available for Android and iOS.
Applies to the following Sophos product(s) and version(s)
Sophos Mobile Encryption for iOS 2.2
Sophos Mobile Encryption for Android 2.2
iOS 6, iOS 7, Android 4.x
Sophos Mobile Encryption 2.2 - Frequently Asked Questions
How are imported keys secured on Android devices?
On Android 4.3, the keys are saved within the key storage area secured by the operating system.
On versions lower than 4.3, an app password has to be defined. The keys stored locally are secured by a key derived from this password.
How are imported keys secured on iOS devices?
Our application does not add any cryptographic information or functionality into the operating system. The keys are secured by the standard cryptographic functionality of iOS. Only applications using a specific Sophos certificate are able to access the keys imported by Sophos Mobile Encryption.
Can I backup the keystore of an Android device?
No, this is not possible.
Can I backup the keys stored on an iOS device?
This depends on the way Sophos Mobile Encryption was installed. If the application was deployed via Sophos Mobile Control then it would be a managed application. Managed applications are not part of iTunes backups and therefore the keys are not backed up.
If the application was downloaded by yourself, you can create an encrypted backup using iTunes which contains all key information.
How can I encrypt a file e.g. attached to an email?
Click on the file attached to the email.
For Android, the "Complete action using" view appears.
For iOS the "Open with" view appears.
Within this, Sophos Mobile Encryption is now listed with "Encrypt and store" (Android) or "Open in Encryption" (iOS). Once selected, you are able to specify a name, an encryption key and an upload location.
Once everything is set, press the "Encrypt and store" button. If a cloud storage provider was chosen as the location, the app will upload the file directly if possible.
Can I encrypt a file which is already stored in my cloud storage provider?
Yes, but a second application is required to do so. Open your cloud storage provider (such as Dropbox) and browse to the file location. Click on the file in question and press the "Share" button and then select "Open in,,,". Selecting "Open in Encryption" will open Sophos Mobile Encryption and the upload dialog will appear.
Select a key, the storage area and a folder in which you want to save the file.
Is it possible to save a file in plain text?
No, you have to choose an encryption key when saving the file.
Can I change the password of an already existing key?
No, you cannot reset the password.
Can I import keys generated on my mobile device into my SafeGuard Enterprise key ring?
Open the location of your cloud storage provider, e.g. Dropbox. Right click on the encrypted file and select "Import Key from file".
Enter the passphrase for the key in use. After entering the correct password, the key will be saved in your keyring and reported to the SafeGuard Management Center.
If I forget the password of a key, can I still get access to the file?
Yes, but only if you have the key in your SafeGuard Enterprise keyring. You will then have to re-encrypt the files with a key you know the password to.
What happens if I disable the keyring feature of Sophos Mobile Encryption?
All keys which have been imported to the device will be removed. Once the keyring is deactivated, you have to enter the password of the encryption key every time an encrypted file is opened.
What is the app protection password used for?
The app protection password adds an additional layer of security. You can enable this feature in the settings of Sophos Mobile Encryption.
For Android, the settings can be found by pressing the "settings" button.
On an iOS device the settings are available at "Settings | Encryption".
Why do I have to enter the app protection password again after it has been disabled in the iOS settings?
As the settings of the application is not part of the iOS app, you have to enter the app protection password once again to disable it.
This behavior might change with a future version of Sophos Mobile Encryption.
I activated the app protection password but disabled the recovery password. Can I resend / re-enable the recovery password for the existing password?
You can create a new recovery password if you change your app protection password. Simply re-enabling the feature for the existing password is not possible.
If I forget my app protection password. Are all encrypted files lost?
If you still know the password for your encryption keys, you can simply uninstall the application and reinstall it as the app protection password will not be activated anymore.
Additional information: Sophos Mobile Encryption manuals can be found on our documentation page.