Permissions required by the Sophos Mobile Security (SMSec) Android application

  • Article ID: 117499
  • Rating:
  • 25 customers rated this article 5.1 out of 6
  • Updated: 17 Sep 2015

Issue

This article lists the permissions required by the Sophos Mobile Security application and describes their use.

Applies to
Sophos Mobile Security Enterprise 5.5
Sophos Mobile Security 5.5
Sophos Cloud Mobile Security

Operating systems
Android

Permissions required

The Sophos Mobile Security (SMSec) application requires the following permissions in order to successfully use all features provided with the app.

  •  Your Personal Information
    • Read contact data
      Allows an application to read the user's contacts data
      SMSec usage: Select a number from a contact for the Loss & Theft wizard. This way, the app can send an SMS with location details in response to an SMS with a remote command from a configured mobile number.
    • Read your web bookmarks and history
      Allows the app to read the history of all URLs that the browser has visited and all of the browser's bookmarks.
      SMSec usage: Needed for Sophos Mobile Security to be able to check URLs entered in the browser using the Sophos Cloud.
      The application uses the Sophos Cloud lookup to check if the websites are malicious or contain inappropriate content.
    • Write web bookmarks and history
      Allows the app to modify the browser's history or bookmarks stored on the device.
      SMSec usage: Needed for Sophos Mobile Security web filtering to be able to remove a malicious URL from the browser's history.
    • Read call log
      Allows an application to read the user's call log
      SMSec usage: Required to import a call log entry into the spam protection filter list.
    • Write call log
      Allows an application to write (but not read) the user's contact data
      SMSec usage: Needed to delete a call log entry when a call was blocked by the spam protection on devices up to Android 4.0.3
    • Write contacts
      Allows an application to write (but not read) the user's contact data
      SMSec usage: Required to delete a call log entry when a call was blocked by the spam protection.

  • Camera
    • Camera
      Allows an application to use the camera
      SMSec usage: In order to facilitate the easy enrollment of a device with Sophos Cloud the enrollment emails from Sophos Cloud include QR codes. SMSec uses the camera to scan the QR codes only in this instance and as / when the user clicks the "Scan QR code" button.
  • Services that cost you money
    • Send SMS messages
      Allows application to send SMS messages
      SMSec usage: If Loss & Theft is enabled, allows to send a confirmation SMS after the execution of a remote command.
    • Directly call phone numbers
      Allows the app to phone numbers without your intervention.
      SMSec usage: Allows Sophos Mobile Security to redirect calls to the standard device dialer when the user decides to check a telephone number with Sophos Mobile Security before it is called.
  • Your Location
    • Approximate (network-based) location
      Access approximate location from location providers using network sources such as mobile tower and WiFi
      SMSec usage:
      If Loss & Theft is enabled, allows retrieving location for locating the device.
    • Precise (GPS) location
      Access precise location sources such as the Global Positioning System on the device.
      SMSec usage: If Loss & Theft is enabled, allows retrieving location for locating the device using .
  • Your Messages
    • Receive SMS
      Allows the app to receive and process SMS messages. This means that the app could monitor or delete messages sent to your device without showing them to you.
      SMSec usage: Receive command SMS from registered phone numbers for the Loss & Theft functionality
    • Receive MMS
      Allows an application to monitor incoming MMS messages to record or perform processing on them
      SMSec usage: Required to read originator number and block incoming MMS according to spam protection rules.
    • Read SMS
      Allows an application to read SMS messages
      SMSec usage: Required to search for malicious URLs in SMS according to spam protection rules.
    • Write SMS
      Allows an application to write SMS messages
      SMSec usage: Required to restore quarantined SMS messages.
  • Storage
    • Modify / Delete USB storage contents / SD card contents
      Allows an application to write to the USB storage / SD card
      SMSec usage: Write log and trace information to the SD card; delete viruses
  • Phone Calls
    • Read phone state and identity
      Allows an application to access the phone features of the device.
      An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to etc.
      SMSec usage: Detect if the device is on roaming
  • System Tools
    • Retrieve running applications
      Allows an application to get information about the currently or recently running tasks; a thumbnail representation of the tasks, what activities are running in it, etc.
      SMSec usage: Detect if the Sophos Mobile Security services are running
    • Automatically start at boot
      Allows the app to have itself started as soon as the system has finished booting
      SMSec usage: Start the Sophos Mobile Security services after boot of the device.
    • Close other apps
      Allows the app to end background processes of other apps. This may cause other apps to stop running.
      SMSec usage: Allow Sophos Mobile Security to close the browser application when the user browses a website which is identified as malicious.
  • Network Communication
    • Full network access
      Allows an application to create network sockets.
      SMSec usage: Do cloud lookups to the Sophos SXL servers.
    • View network connections
      Allows an application to view the state of all networks.
      SMSec usage: Detect if the device has an active WLAN connection.
    • Control near field communication
      Allows the app to communicate with Near Field Communication (NFC) tags, cards and readers
      SMSec usage: Detect in the Sophos Mobile Security Advisor if NFC is enabled on the device or not.
    • View WiFi connections
      Allows the app to view information about WiFi networking such as whether WiFi is enabled and the name of connected WiFi devices.
      SMSec usage: Detect in the Security Advisor if access to unsecured WiFi networks is configured on the device.

Other technical notes

As a professional security app SMSec interacts very strongly, more than other apps, with the operating system. For example, it test for rooting by asking for super administrator rights (without actually using them). Furthermore it goes deeply into the file system to scan for contents in files, even in system directory. It also communicates with Sophos Mobile Control the Sophos app for mobile device management.

SMSec also make use of Google Analytics to provide us with aggregate, anonymous telemetry data, for example how many devices use a particular feature. Sophos uses this data for product support and product development (e.g. to identify features that are more or less used by our user base and require perhaps an enhancement or warrant to be dropped).

     
    If you need more information or guidance, then please contact technical support.

    Rate this article

    Very poor Excellent

    Comments