How Aurora Protect Mobile collects and uses data

For complete information about this product, see the Aurora Endpoint Security docs.

Item

Data collection and use

User information

Arctic Wolf collects the following information to manage users:

  • First name
  • Last name
  • Email address

Endpoint data

Arctic Wolf collects the following endpoint data to detect suspicious activity, privilege escalations, or security misconfigurations:

  • Device name
  • IP addresses
  • MAC addresses
  • OS type
  • OS version
  • Security patch level (Android only)
  • Device lock screen settings
  • Device status
  • Device manufacturer and model

Android mobile app data

Arctic Wolf collects the following information to detect malicious or suspicious applications on Android devices:

  • APK names
  • APK developer signature
  • APK binary hash
  • APK version
  • APK package name
  • APK installation source

Scanning for malicious apps on Android devices
  • The Aurora Protect Mobile app regularly scans the apps on a user’s Android device. If any apps have a hash that the Aurora Protect Mobile cloud services (located in Northern Virginia, US) have not previously processed, the .apk files for that app are uploaded.
  • The Aurora Protect Mobile cloud services use AI and machine learning to analyze the app package and produce a confidence score that it returns to the Aurora Protect Mobile app.
  • The APK files that are uploaded to the Aurora Protect Mobile services are kept private and anonymous, with no links back to users, devices, or organizations.
  • The Aurora Protect Mobile cloud services do not store any user data. The app packages that are uploaded are never shared with a third party.
  • The Aurora Protect Mobile app will only upload app files to the cloud services over a Wi-Fi connection.
  • The Aurora Protect Mobile cloud services retain app binaries and a corresponding confidence score for security purposes.

iOS mobile app data

Arctic Wolf collects the following information to detect malicious or suspicious applications on iOS devices:

  • iOS developer
  • iOS signer cert hash

Scanning URLs in SMS text messages for iOS
  • When a user receives an SMS text message from an unknown sender that contains a URL, the Aurora Protect Mobile app sends the message to the Aurora Protect Mobile cloud services in real time.
  • The Aurora Protect Mobile cloud services collect the entire contents of the message, however, only URLs are retained. No additional metadata or user identifiers are collected or stored. The data that is collected is never shared with a third party or used by Arctic Wolf for any purpose other than providing protection from malicious URLs.
  • The Aurora Protect Mobile cloud services use advanced machine learning capabilities and accumulated knowledge from threat intelligence feeds to provide an instant assessment of the safety of the URL.
  • New incoming text messages from known contacts are automatically considered to be safe and only messages that contain URLs from unknown senders are scanned and assessed.

Scanning URLs in SMS text messages for Android
  • When a user receives an SMS text message that contains a URL, the Aurora Protect Mobile app sends the unaltered URL to the Aurora Protect Mobile cloud services in real time.
  • New incoming text messages from known contacts and unknown senders are scanned and assessed.
  • The Aurora Protect Mobile cloud services collect plain text URLs for analysis and assessment. No additional metadata or user identifiers are collected or stored. The data that is collected is never shared with a third party or used by Arctic Wolf for any purpose other than providing protection from malicious URLs.
  • The Aurora Protect Mobile cloud services use advanced machine learning capabilities and accumulated knowledge from threat intelligence feeds to provide an instant assessment of the safety of the URL.

Unsafe network and insecure Wi-Fi checks

On iOS and Android devices, the Aurora Protect Mobile app will periodically try to connect to the Aurora Protect Mobile cloud services. If the connection is not successful, Aurora Protect Mobile determines that the network is not safe.

On Android devices, the Aurora Protect Mobile app periodically checks the properties of the current Wi-Fi access point to determine if it is secure (you can configure which Wi-Fi access algorithms your organization considers secure and insecure). When the Aurora Protect Mobile app detects an unsafe network or insecure Wi-Fi access point, it is reported in the app and in the management console.

Data storage
  • Arctic Wolf uses the data described above to facilitate the performance of the EULA under which Arctic Wolf’s services and products are offered. The data is shared only with necessary third-party services that are needed to fulfill the intended purpose of the services.
  • Arctic Wolf will not sell, lease, or otherwise distribute this information.
  • The endpoint data that is collected is stored in one of the following subprocessors:
    • Amazon Web Services; Asia Pacific (Australia), Europe (Germany), North America (United States)
    • Google Firebase (message notification identifiers only): United States
    • MessageBird (SMTP relay service only): United States

Data retention

Personal data processed Data retention period

User information

Data is removed at the end of the contract. Administrators can remove data using the management console.

Endpoint data

Data is removed 60 days after the end of the contract.

Mobile app data: Android & iOS

Data is removed 60 days after the end of the contract.

SMS message data: Android & iOS

Hyperlinks contained within messages are de-identified and retained indefinitely.

Potentially malicious mobile applications

Data is de-identified and retained indefinitely.