This article lists the permissions required by the Sophos Mobile Security application and describes their use.
Sophos Mobile Security Enterprise 5.5
Sophos Mobile Security 5.5
Sophos Cloud Mobile Security
The Sophos Mobile Security (SMSec) application requires the following permissions in order to successfully use all features provided with the app.
- Your Personal Information
- Read contact data
Allows an application to read the user's contacts data
SMSec usage: Select a number from a contact for the Loss & Theft wizard. This way, the app can send an SMS with location details in response to an SMS with a remote command from a configured mobile number.
- Read your web bookmarks and history
Allows the app to read the history of all URLs that the browser has visited and all of the browser's bookmarks.
SMSec usage: Needed for Sophos Mobile Security to be able to check URLs entered in the browser using the Sophos Cloud.
The application uses the Sophos Cloud lookup to check if the websites are malicious or contain inappropriate content.
- Write web bookmarks and history
Allows the app to modify the browser's history or bookmarks stored on the device.
SMSec usage: Needed for Sophos Mobile Security web filtering to be able to remove a malicious URL from the browser's history.
- Read call log
Allows an application to read the user's call log
SMSec usage: Required to import a call log entry into the spam protection filter list.
- Write call log
Allows an application to write (but not read) the user's contact data
SMSec usage: Needed to delete a call log entry when a call was blocked by the spam protection on devices up to Android 4.0.3
- Write contacts
Allows an application to write (but not read) the user's contact data
SMSec usage: Required to delete a call log entry when a call was blocked by the spam protection.
Allows an application to use the camera
SMSec usage: In order to facilitate the easy enrollment of a device with Sophos Cloud the enrollment emails from Sophos Cloud include QR codes. SMSec uses the camera to scan the QR codes only in this instance and as / when the user clicks the "Scan QR code" button.
- Services that cost you money
- Send SMS messages
Allows application to send SMS messages
SMSec usage: If Loss & Theft is enabled, allows to send a confirmation SMS after the execution of a remote command.
- Directly call phone numbers
Allows the app to phone numbers without your intervention.
SMSec usage: Allows Sophos Mobile Security to redirect calls to the standard device dialer when the user decides to check a telephone number with Sophos Mobile Security before it is called.
- Your Location
- Approximate (network-based) location
Access approximate location from location providers using network sources such as mobile tower and WiFi
SMSec usage: If Loss & Theft is enabled, allows retrieving location for locating the device.
- Precise (GPS) location
Access precise location sources such as the Global Positioning System on the device.
SMSec usage: If Loss & Theft is enabled, allows retrieving location for locating the device using .
- Your Messages
- Receive SMS
Allows the app to receive and process SMS messages. This means that the app could monitor or delete messages sent to your device without showing them to you.
SMSec usage: Receive command SMS from registered phone numbers for the Loss & Theft functionality
- Receive MMS
Allows an application to monitor incoming MMS messages to record or perform processing on them
SMSec usage: Required to read originator number and block incoming MMS according to spam protection rules.
- Read SMS
Allows an application to read SMS messages
SMSec usage: Required to search for malicious URLs in SMS according to spam protection rules.
- Write SMS
Allows an application to write SMS messages
SMSec usage: Required to restore quarantined SMS messages.
- Modify / Delete USB storage contents / SD card contents
Allows an application to write to the USB storage / SD card
SMSec usage: Write log and trace information to the SD card; delete viruses
- Phone Calls
- Read phone state and identity
Allows an application to access the phone features of the device.
An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to etc.
SMSec usage: Detect if the device is on roaming
- System Tools
- Retrieve running applications
Allows an application to get information about the currently or recently running tasks; a thumbnail representation of the tasks, what activities are running in it, etc.
SMSec usage: Detect if the Sophos Mobile Security services are running
- Automatically start at boot
Allows the app to have itself started as soon as the system has finished booting
SMSec usage: Start the Sophos Mobile Security services after boot of the device.
- Close other apps
Allows the app to end background processes of other apps. This may cause other apps to stop running.
SMSec usage: Allow Sophos Mobile Security to close the browser application when the user browses a website which is identified as malicious.
- Ignore Battery Optimizations
Allows an application to run in tze background
SMSec usage: Allow Sophos Mobile Security to protect the device all the time without being stopped by the Android operating system.
- Network Communication
- Full network access
Allows an application to create network sockets.
SMSec usage: Do cloud lookups to the Sophos SXL servers.
- View network connections
Allows an application to view the state of all networks.
SMSec usage: Detect if the device has an active WLAN connection.
- Control near field communication
Allows the app to communicate with Near Field Communication (NFC) tags, cards and readers
SMSec usage: Detect in the Sophos Mobile Security Advisor if NFC is enabled on the device or not.
- View Wi-Fi connections
Allows the app to view information about Wi-Fi networking such as whether WiFi is enabled and the name of connected WiFi devices.
SMSec usage: Detect in the Security Advisor if access to unsecured WiFi networks is configured on the device.
- Change Wi-Fi state
Allows applications to change Wi-Fi connectivity state
SMSec usage: Add Wi-Fi network configurations scanned with the QR code scanner
Other technical notes
As a professional security app SMSec interacts very strongly, more than other apps, with the operating system. For example, it test for rooting by asking for super administrator rights (without actually using them). Furthermore it goes deeply into the file system to scan for contents in files, even in system directory. It also communicates with Sophos Mobile Control the Sophos app for mobile device management.
SMSec also make use of Google Analytics to provide us with aggregate, anonymous telemetry data, for example how many devices use a particular feature. Sophos uses this data for product support and product development (e.g. to identify features that are more or less used by our user base and require perhaps an enhancement or warrant to be dropped).