NOWSECURE ANNOUNCED AS AN APP DEFENSE ALLIANCE (ADA) AUTHORIZED LAB TO PERFORM INDEPENDENT SECURITY REVIEWS

Now Android developers can publicly show users they safeguard trust through standards-based independent security validation in their Google Play Data safety section.

NOWSECURE ANNOUNCED AS AN APP DEFENSE ALLIANCE (ADA) AUTHORIZED LAB TO PERFORM INDEPENDENT SECURITY REVIEWS NOWSECURE ANNOUNCED AS AN APP DEFENSE ALLIANCE (ADA) AUTHORIZED LAB TO PERFORM INDEPENDENT SECURITY REVIEWS Show More
magnifying glass icon

Privacy and Security

NowSecure is a mobile security company. The data we collect is used only to provide the NowSecure software and services. We do not sell your personal information. For additional information about how the NowSecure Mobile Apps use collected data to protect your privacy and security, read below and refer to our Privacy Policy

Privacy

We follow a Privacy Policy focused on using data collected only for its intended purpose: mobile security intelligence and protection for our users.

What Data We Collect

In order to provide mobile intelligence and help users protect their data, the NowSecure Mobile Apps can collect data from a variety of mobile sensors and uses limited permissions as necessary to provide you the best in mobile security. The data can include some personally-identifiable information like device identifiers and fine geolocation.

In general, data collected can include:

  • Device and operating system versions
  • App names and versions
  • Geolocation data
  • Network and wi-fi data
  • Lock state
  • Battery statistics
  • Debugging state
  • Root/jailbreak Indicators

Note: Some data available for Android or iOS only

What It’s Used For

Data from the NowSecure Mobile Apps are used to provide mobile security intelligence and privacy protection. Mobile sensor data are combined with our research and known threats to provide security scores and recommendations.

The data can also be used in anonymous form for security research, internally or in collaboration with other security professionals. Any external sharing is restricted to anonymous data. No personal information is shared.

What It’s Not Used For

We do not sell your personal information. Period.

Permissions Requested – Android & iOS

The NowSecure Mobile Apps require certain permissions to properly secure your Android and iOS devices. The permissions required by the apps are listed below along with explanations of how and why the apps use those permissions. If there is an Android-specific permission that applies, it is listed as well.

Systems

The NowSecure Mobile Apps check for specific OS information, such as current version, to determine if you are running an out of date or vulnerable OS. There are no specific Android permissions required for this information.

CONFIGURATIONS

These permissions allow you to locate your device, and also allow the NowSecure Mobile Apps to baseline key metrics to keep you secure. Additionally, the apps inform you if they discover any device configuration security concerns, such as removal of your passcode or PIN.

Android permissions included:

  • android.permission.ACCESS_COARSE_LOCATION
  • android.permission.ACCESS_FINE_LOCATION
  • android.permission.BATTERY_STATS*

*Note: In Android 4.4 this has been restricted and therefore will be phased out.

Applications

The NowSecure Mobile Apps look at application version information to determine if you have any applications that have known security flaws on your device. There are no specific Android permissions required for this information.

Networks

Network permissions allow the NowSecure Mobile Apps to download and upload security information to the NowSecure cloud, inform the apps of whether you have a valid internet connection, and allow the apps to detect the current Wi-Fi access points your device connects to. These features enable the apps to warn you when you have connected to an unsecured Wi-Fi network, scan for compatible Wi-Fi devices that are nearby, and save battery life by delaying uploads when not connected to Wi-Fi.*

(*Note: This never includes any password details)

Android permissions included:

  • android.permission.INTERNET
  • android.permission.ACCESS_NETWORK_STATE
  • android.permission.ACCESS_WIFI_STATE
  • android.permission.CHANGE_WIFI_STATE
  • android.permission.BLUETOOTH

*Can be disabled in your in-app and/or web dashboard settings.

Others

The NowSecure Mobile Apps use the permissions below to provide you with a seamless user experience and the best in mobile security. The permissions below allow the apps to complete security data uploads if the device is syncing while the phone is being put to sleep, ensuring that your security won’t rest just because your phone does. Other permissions save you time by allowing the apps to auto-fill your user information in registration screens.

  • android.permission.READ_PHONE_STATE
  • android.permission.RECEIVE_BOOT_COMPLETED
  • android.permission.WAKE_LOCK
  • android.permission.GET_ACCOUNTS

Account & Billing Information

If you create an account, we may collect information such as name, email, company and payment information. Account information is used to apply charges, communicate with account holders, deliver offers, provide support, and generally manage your account. You can update your account information at www.nowsecure.com.

Is my personal data secure?

We enforce strong security measures in our mobile apps and on our servers to protect data from unauthorized access.

Where can I get more information?

You can read our Privacy Policy for more details or contact us.

Security

The NowSecure Mobile Apps were designed from the ground up for security. The following sections briefly describe their security at various layers.

Apps

The NowSecure Mobile Apps are custom-designed by NowSecure developers, and leverage best practices including:

  • Data-at-rest encryption
  • SSL/TLS pinning
  • Network encryption
  • Secure coding
  • Tested with NowSecure Lab

Network

Like any good app, the NowSecure Mobile Apps use SSL/TLS. But we go one step further with app layer encryption that better protects your data from snooping. For example, even if Apple accidentally messes up SSL certificate validation, your data will still be secure from man-in-the-middle attacks.

Data Center

Our servers reside in a secure private cloud within world class, audited data centers. Our security procedures include highly restricted system access with two-factor authentication, AES-256 data-at-rest encryption, rapid patching, and constant security monitoring/logging.

Our Commitment to the Highest Level of Data Protection

Our customers include the some of the most security-conscious organizations in the world, and we treat each user’s data with the same high level of protection.