Platform security

  • All the communications between server and %whitelabelText2% apps, uses HTTP protocol (versions 1, 2, 3) over secure connections with cryptographic protocol TLS 1.2 and 1.3. Certificate is Pinned in order to prevent man-in-the-middle attacks
  • MDM communications between server and devices are code-signed to prevent command tampering
  • critical and sensitive MDM communications between server and devices are end2end encrypted
  • %whitelabelText3% Agent for Android is compiled with advanced security technics that prevents code inspection, defends reverse engineering and takes the security more robust
  • View Screen feature can be forced on cryptographic protocol TLS to increase security
  • 2 factor authentication (via mail or Authenticator app) is enforced for admins
  • admin's single auth session is limited to a maximun of 8 hours
  • authentication on %whitelabelText2% is based on a token and time expiration
  • in cases of failed authentication attempts, user is asked to insert captcha verification code
  • server manage a ban list in case of attack or bruteforce attempts
  • server WAF uses ML-based mechanism to detect attacks and mitigates OWASP Top risks
  • when a password is changed, user will be notified on its email
  • data are separeted ad saved in a specific dedicated client's container
  • devices' or profiles' encryption is managed by the OS. See references for more info.
  • Android device integrity check can be enabled at enroll too.
  • data is mantained in Europe on Tier 4 datacenters with allmost the compliance standards like UNI CEI EN ISO/IEC 27001:2017 and AGID
  • XNOOVA S.R.L. has successfully completed a Cloud Application Security Assessment (Lab Tested - Lab Verified), validating Ermetix has satisfied CASA application security requirements. CASA is based on the industry-recognized Open Web Application Security Project (OWASP) Application Security
    Verification Standard (ASVS). More info on https://appdefensealliance.dev/casa/casa-requirements .

Android References

https://storage.googleapis.com/android-com/resources/enterprise/pdfs/AE Security Paper_V6 CM.pdf
https://source.android.com/security/encryption
https://www.linkedin.com/pulse/android-encryption-basics-mike-burr-cissp-giac-gmob

Apple References

https://support.apple.com/en-gb/guide/security/secf020d1074/1/web/1
https://www.apple.com/business/docs/site/AAW_Platform_Security.pdf

Firewall configurations["mobile"]~Knox Platform for Enterprise