Privacy Policy for SafeNet Knox Plugin


​Latest update: May 29, 2018 

This privacy policy governs your use of the software application [___SafeNet Knox Plugin _].

By using the Application, you are consenting to our processing of your information as set forth in this Privacy Policy now and as amended by us. 

1- Device & App history 

 Does the App allow to view one or more of information about activity on the device, which apps are running, browsing and bookmarks? 

No 

2- Location 

Does the App use the device's location: Approximate location (network based)
Precise location: GPS and network based? 

Yes. Location needs to be enabled for Bluetooth LE to work. 

Does the App notify and obtain user consent before collecting, transmitting or using location data? 

Yes. The App obtains user consent to use the location permission through Android's runtime request: a dialog asking to access your location with ALLOW and DENY as choices. Location data does not leave the device. Location data is not used by the app. 

3- Identity 

Does the App find account on the device? Add or remove accounts? 

No 

4- Photos/media/files 

Does the App uses one or more of: files on device such as images, videos or audio, the device's external storage? 

No 

5- Wi-Fi connection information 

Does the App allow to view information about wi-fi networking, such as whether wi-fi is enabled and anmeas of connected devices? 

No 

6- Device ID & Call information 

Does the App allow to determine the phone number and device IDs, whether a call is active and the remote number connected by a call? 

The phone identity (IMEI) is used to calculate a device fingerprint, used to encrypt and store some secret data in the phone memory. Determining whether a call is active and determining the remove number connected by a call is not used. 

Does the App also records and transmits anonymized network performance data for analysis by Analytic Engine. This data is used for the purpose of assessing network quality of service issues. No personally identifiable information is recorded or transmitted, including no key press information, no contact information, etc.? 

No 

7- App description 

SafeNet Knox Plugin is a mobile application developed based on Samsung Knox SDK, particularly on the Knox Universal Credential Management (UCM) SDK, for Samsung devices running on the Android platform.With the Knox UCM framework, SafeNet Knox Plugin brings the highest possible security level to other Knox compliant applications by providing the access to the Gemalto PKI Secure Elements, and acting like a standardized middleware. It is a BYOD-ready technology that protects the confidential information by separating the private and professional environments of the users in two isolated containers. The security policy of the professional container is completely controlled by the IT Administrator, possibly using a MDM (Mobile Device Manager) from Samsung or other vendors. 

8- App Permissions

Does the App require access to certain systems within your device? When you install an application, you are notified of all of the following permissions required to run that application:

READ_PHONE_STATE: needed to get device identifiers to calculate a device fingerprint. This is used to encrypt and store secret data. 

LOCATION: needed to use Bluetooth LE. 

STORAGE: needed to access the microSD card. 

9- Encryption

Does the App send data over unencrypted (HTTP) or an encrypted (HTTPS) connection?

No

​10- Explain why the data are being collected, when and for what purpose

No 

11- Do you assign an appropriate rating to the App?

No

12- Can the App be downloaded by children?

Yes

13- Does the App comply will all the terms and conditions explained in the Apple iOS Human Interface Guidelines?

This is an Android app. 

14- Does the App use trademark, service mark or images of Google, apple, BlackBerry or other market store owners?

Samsung Knox

15- Security and Retention

Data storage: The app stores all the data in secure in the phone internal storage with encryption.

Data usage: No identifier to identify the device is sent to Gemalto server.

Data Transmission: There is no data transfer from device to Gemalto server.