Sophos Secure Workspace - Frequently Asked Questions

  • Article ID: 120692
  • Updated: 04 Apr 2016

This article provides some answers to frequently asked questions about Sophos Secure Workspace available for Android and iOS.

Applies to the following Sophos product(s) and version(s)
Sophos Mobile Encryption for iOS
Sophos Mobile Encryption for Android

Operating systems
iOS 6, iOS 7, Android 4.x

Sophos Secure Workspace - Frequently Asked Questions

How are imported keys secured on Android devices?

On Android 4.3, the keys are saved within the key storage area secured by the operating system.
On versions lower than 4.3, an app password has to be defined. The keys stored locally are secured by a key derived from this password.

How are imported keys secured on iOS devices?

Our application does not add any cryptographic information or functionality into the operating system. The keys are secured by the standard cryptographic functionality of iOS. Only applications using a specific Sophos certificate are able to access the keys imported by Sophos Secure Workspace.

Can I backup the keystore of an Android device? 

No, this is not possible.

Can I backup the keys stored on an iOS device?

This depends on the way Sophos Secure Workspace was installed. If the application was deployed via Sophos Mobile Control then it would be a managed application. Managed applications are not part of iTunes backups and therefore the keys are not backed up.
If the application was downloaded by yourself, you can create an encrypted backup using iTunes which contains all key information.

How can I encrypt a file e.g. attached to an email?

Click on the file attached to the email.
For Android, the "Complete action using" view appears.
For iOS the "Open with" view appears.

Within this, Sophos Secure Workspace is now listed with "Encrypt and store" (Android) or "Open in Workspace" (iOS). Once selected, you are able to specify a name, an encryption key and an upload location.
Once everything is set, press the "Encrypt and store" button. If a cloud storage provider was chosen as the location, the app will upload the file directly if possible.

Can I encrypt a file which is already stored in my cloud storage provider?

Yes, but a second application is required to do so. Open your cloud storage provider (such as Dropbox) and browse to the file location. Click on the file in question and press the "Share" button and then select "Open in,,,". Selecting "Open in Workspace" will open Sophos Secure Workspace and the upload dialog will appear.
Select a key, the storage area and a folder in which you want to save the file.

Is it possible to save a file in plain text?

Yes. Simply set the "Encrypt" option to "No".

Can I change the password of an already existing key?

No, you cannot reset the password.

Can I import keys generated on my mobile device into my SafeGuard Enterprise key ring?


Open the location of your cloud storage provider, e.g. Dropbox. Right click on the encrypted file and select "Import Key from file".
Enter the pass phrase for the key in use. After entering the correct password, the key will be saved in your keyring and reported to the SafeGuard Management Center.

If I forget the password of a key, can I still get access to the file?

Yes, but only if you have the key in your SafeGuard Enterprise keyring. You will then have to re-encrypt the files with a key you know the password to.

What happens if I disable the keyring feature of Sophos Secure Workspace?

All keys which have been imported to the device will be removed. Once the keyring is deactivated, you have to enter the password of the encryption key every time an encrypted file is opened.

What is the app protection password used for?

The app protection password adds an additional layer of security. You can enable this feature in the settings of Sophos Secure Workspace.

For Android, the settings can be found by pressing the "settings" button within the app.
On an iOS device the settings are available within the app at "Options | Settings".

I activated the app protection password but disabled the recovery password. Can I resend / re-enable the recovery password for the existing password?

You can create a new recovery password if you change your app protection password. Simply re-enabling the feature for the existing password is not possible.

If I forget my app protection password, are all encrypted files lost?


If you still know the password for your encryption keys, you can simply uninstall the application and reinstall it as the app protection password will not be activated anymore.

Additional information: Sophos Secure Workspace manuals can be found on our documentation page.

How to get access to encrypted files on a Windows machine is explained in article 120795


If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent