We non-stop talk about how we apply multi-level policies on Secure Phone which allow granular control of the device. These sets of policies define software and hardware availability to users on Secure Phone. Every mobile device is configured with such policy sets.
Secure Phone policies are created in the Secure Phone Administration System (SAS). Only SAS accounts with administrator’s permissions to your device can set and change these settings.
What does Policy Manager do?
The Policy Manager shows what policies apply to your device.
Provides information about your account and policies on your device
Allows you to change your account password
Allows you to change your encryption password
Access and view information in Policy Manager
The Policy Manager app is accessible only from the Status Screen (swipe right to the home screen). It includes several tabs (screens) for you to browse:
This screen displays basic account & support contact info:
- Account name – your login email address.
- Account expiration date – your subscription expiration date.
- Support email – have problems with Secure Phone? Contact Support.
- Support phone – have problems with Secure Phone? Call this phone number.
- Google services – these should be disabled. If they’re not, your Secure Phone is less secure than it should be.
The Device policy screen shows the level of use of various components of your device. As part of device policies, you can see what settings apply to your device, the configurations for device syncing and lock.
This group shows the hardware functionality and features available on your Secure Phone device, such as Camera (including the flash LED), Wi-Fi, Location, USB, etc.
In this group you can see the syncing parameters for Secure Phone:
- Maximum failed passwords – defines a countdown for incorrect password inputs. Be careful: once that countdown reaches zero, you wipe your Secure Phone.
- Update interval – defines how often Secure Phone syncs with SAS services
- Count missed offline syncs – defines a limit for failed syncing attempts. Once you reach that limit and your device gets wiped.
- Duress wipe – this defines if duress wipe is permitted or not.
Lock Screen & Password
This group shows info about your Lock Screen and passwords settings. Here you can check if you have permission to change or update your account and encryption passwords, the lock screen method of your device and respectively the lock screen password or PIN.
Here you can find the list of apps installed on your Secure Phone. Tap on each app to see additional info.
If you wish to add an app that’s not on the list, contact your device administrator: you can only install an app on Secure Phone when you add it to your application policy in SAS. On the next sync, SAS pushes (installs) the app on your device.
App settings policy
The Secure Email and Secure Chat apps have additional sets of per app settings. Tap the app icons to bring the detailed info about each.
The following toggles provide detail information on each permission to the specified app functionality.
- canSendAttachments: allows you to send attachment files in emails
- maxPassphraseTries: sets an upper limit to consecutive invalid passphrase attempts
- hideOriginalEmailOnFwd: allows you to remove the original sender’s email address upon email forward
- wipeSettingFromServer: allows you to set and receive a wipe email
- canImportKey: allows you to import existing keys in the app
- canDeleteKey: allows you to delete existing keys in the app
- maxLockPassTries: sets an upper limit to consecutive invalid app lock password attempts
- canReceiveAttachments: allows you to receive attachments
- SendDeviceReceiveReceipt: enforces Secure Email to send a confirmation notification for each email you receive
- SendReadReseiptAutomatically: enforces Secure Email to send a confirmation notification for each incoming email you open for the first time
- canSyncWithPC: allows you to sync your encryption keys with a PC plugin
- canSendUnencryptedEmails: allows you to send non-encrypted emails
- canExportKey: allows you to export keys
- canCreateKey: allows you to create new keys
The Secure Chat policy provides a unique level of control over your instant messaging. encrypted_messages_only: enforces exchange OTR encrypted messages only wipe_password [string] Defines the remote wipe password
- files: аllows exchange of files in Secure Chat
- push_to_talk: аllows you to record and send or receive voice clips
- history_mode: Enforces a History mode on Secure Chat: Save History, Do not save history, For your eyes only.
- autoaccept_files: еnforces Secure Chat to automatically accept incoming files
- wipe_contact: а comma-separated list of contact IDs
- wipe: аllows Secure Chat to perform a device wipe
- edit_messages: аllows you to edit your sent messages 1
- photo: аllow you to take a photo and send (or receive) it in Secure Chat
- video: аllow you to take a video and send (or receive) it in Secure Chat
- email_notify: аllows the option to receive email notifications about new incoming messages
This screen displays device and network connectivity info, including:
- IMEI number – the unique 15-digit device identifier code (International Mobile Equipment Identity).
- UDID code – this value is static (Unique Device Identifier).
- IP address – the IP address currently assigned to your device; this value varies with different networks.
- MAC address – the MAC address of your Wi-Fi network adapter.
- OS version – current OS version.
This screen displays the SIM info that cell towers request from you.
- SIM serial number – a static value, most SIM cards have this serial printed (also called Integrated Circuit Card Identifier or simply ICCID).
- IMSI code – normally a static value, this is an identifier that mobile operators use to recognize your SIM across networks. In GSM networks this number is provisioned by the operator. It is this value that IMSI catchers use to identify your device.
- SIM country – a static value, the two-letter country code.
- SIM state – displays current SIM state. Usually, this status is ready or locked (requires SIM’s PIN or PUK code).
- SIM operator – this is the MCC-MNC identifier of mobile network operators.
- SIM Operator Name – this is the name associated with the above MCC-MNC value.
- Voice mail number – the availability of this value depends on your contract with your mobile service.
From the SIM info screen, you can also report a bug/problem with Secure SIM from your Secure Phone device. Follow this link to learn how to do it.
Depending on the policies applied to your device, Policy Manager allows you to update, change or reset your account and encryption passwords. Follow this link for instructions on each of these actions.