Data provision in Kaspersky Endpoint Security for Android
Kaspersky Security for Mobile complies with the General Data Protection Regulations (GDPR).
To install the app, either you or a device user must read and accept the terms of the End User License Agreement. In addition, you can configure a policy to accept the Statements listed below globally, for all users. Otherwise, users will be prompted by a notification on the main app screen to accept the following Statements regarding the processing of the user's personal data:
- Kaspersky Security Network Statement
- Statement regarding data processing for Web Protection
- Statement regarding data processing for marketing purposes
If you choose to accept the statements globally, the versions of the statements accepted via Kaspersky Security Center must match the versions already accepted by users. Otherwise, the users will be informed about the issue and prompted to accept the version of a statement that matches the version accepted globally by the administrator. The device status in the Kaspersky Security for Mobile (Devices) plug-in will also change to Warning.
The user may accept the terms of a Statement or decline them at any time in the About the app section in the settings of Kaspersky Endpoint Security for Android.
Information exchange with Kaspersky Security Network
To improve real-time protection, Kaspersky Endpoint Security for Android uses the Kaspersky Security Network cloud service for operating the following components:
- Anti-Virus. The app obtains access to the Kaspersky online knowledge base regarding the reputation of files and apps. The scan is performed for threats whose information has not yet been added to Anti-Virus databases but is already available in KSN. Kaspersky Security Network cloud service provides full operation of Anti-Virus and reduces the likelihood of false alarms.
- Web Protection. The app uses data received from KSN to scan websites before they are opened. The app also determines the website category to control internet access to users, based on lists of allowed and blocked categories (for example, the "Internet communication" category).
- App Control. The app determines the app category to restrict the startup of apps that do not meet corporate security requirements, based on lists of allowed and blocked categories (for example, the "Games" category).
Information on the type of data submitted to Kaspersky when using KSN during operation of Anti-Virus and App Control is available in the End User License Agreement. By accepting the terms and conditions of the License Agreement, you agree to transfer this information.
Information on the type of data submitted to Kaspersky when using KSN during operation of Web Protection is available in the Statement regarding data processing for Web Protection. By accepting the terms and conditions of the Statement, you agree to transfer this information.
Information on the type of statistic data submitted to Kaspersky when using KSN during operation of the Kaspersky Endpoint Security for Android mobile app is available in the Kaspersky Security Network Statement. By accepting the terms and conditions of the Statement, you agree to transfer this information.
Data provision under the End User License Agreement
Where the Activation Code is used to activate the Software, in order to verify legitimate use of the Software, the End User agrees to periodically provide the Rightholder the following information:
- format of the data in the request to Rightholder infrastructure; accessed IPv4 address of the web service; size of the content of the request to Rightholder infrastructure; protocol ID; Software activation code; data compression type; Software ID; set of IDs of Software that can be activated on the user's device; Software localization; full version of the Software; unique device ID; date and time on the user's device; Software installation ID (PCID); OS version, OS build number, OS update number, OS edition, extended information about the OS edition; device model; operating system family; format of the data in the request to Rightholder infrastructure; checksum type for the object being processed; Software license header; ID of a regional activation center; Software license key creation date and time; Software license ID; ID of the information model used to provide the Software license; Software license expiration date and time; current status of the Software license key; type of Software license used; type of the license used to activate the Software; Software ID derived from the license.
In order to protect the Computer against information security threats, the End User agrees to periodically provide the Rightholder the following information:
- checksum type for the object being processed; checksum of the object being processed; the Software component ID;
- ID of the triggered record in the Software's anti-virus databases; timestamp of the triggered record in the Software's anti-virus databases; type of the triggered record in the Software's anti-virus databases; name of the detected malware or legitimate software that can be used to damage the user's device or data;
- name of store from which the application was installed; application package name; public key used to sign the APK file; checksum of the certificate used to sign the APK file; digital certificate timestamp;
- full version of the Software; Software update ID; type of installed Software; the config identifier; the result of the Software action; error code;
- numbers that are derived from the Android application APK file according to certain mathematical rules and that do not allow restoration of the original file content; this data does not contain file names, file paths, addresses, phone numbers, or other personal information of users.
If You use the Rightholder's update servers to download the Updates, the End User, in order to increase the efficiency of the update procedure, agrees to periodically provide the Rightholder the following information:
- Software ID derived from the license; full version of the Software; Software license ID; type of Software license used; Software installation ID (PCID); ID of the Software update start; web address being processed.
The Rightholder can use such information also for receiving statistical information about the distribution and use of the Software.
The received information is protected by Kaspersky in accordance with the requirements established by law. The original received information is stored in encrypted form and is destroyed as it is accumulated (twice per year) or at the request of the User. General statistics are stored indefinitely.
Data provision under the Kaspersky Security Network Statement
Use of the KSN could lead to increase the effectiveness of protection provided by the Software, against information and network security threats.
If you use a license for 5 or more nodes, the Rightholder will automatically receive and process the following data during use of the KSN:
- ID of the triggered record in the Software's anti-virus databases; timestamp of the triggered record in the Software's anti-virus databases; type of the triggered record in the Software's anti-virus databases; release date and time of the Software's databases; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; OS Service Pack version; detect characteristics; checksum (MD5) of the object being processed; name of the object being processed; flag indicating whether the object being processed is a PE file; checksum (MD5) of the mask that blocked the web service; checksum (SHA256) of the object being processed; size of the object being processed; object type code; the Software's decision on the object being processed; path to the object being processed; directory code; version of the Software's component; version of the statistics being sent; accessed address of the web service (URL, IP); type of client used to access the web service; accessed IPv4 address of the web service; accessed IPv6 address of the web service; web address of the source of the web service request (referer); web address being processed;
- information about scanned objects (application version from AndroidManifest.xml; the Software's decision on the application; method used to get the Software's decision on the application; store installer package name; package name (or bundle name) from AndroidManifest.xml; Google SafetyNet category; flag indicating whether the SafetyNet is enabled on the device; SHA256 value from Google SafetyNet response; APK Signature Scheme for the APK certificate; version code of the installed Software; serial number of the certificate that was used to sign the APK file; name of the APK file that is being installed; path to the APK file that is being installed; issuer of the certificate that was used to sign the APK file; public key used to sign the APK file; checksum of the certificate used to sign the APK file; date and time when the certificate expires; date and time when the certificate was issued; version of the statistics being sent; algorithm for calculating the digital certificate thumbprint; MD5 hash of the installed APK file; MD5 hash of the DEX file located within the APK file; permissions granted dynamically to the application; third-party software version; flag indicating whether the application is the default SMS messenger; flag indicating whether the application has Device Administrator rights; flag indicating whether the application is in the system catalog; flag indicating whether the application uses accessibility services);
- information about all potentially malicious objects and activities (fragment content of the object being processed; date and time when the certificate expires; date and time when the certificate was issued; ID of the key from the keystore used for encryption; protocol used to exchange data with KSN; fragment order in the object being processed; data of the internal log, generated by the anti-virus Software module for an object being processed; certificate issuer name; public key of the certificate; calculation algorithm of public key of the certificate; certificate serial number; date and time of signing the object; certificate owner name and settings; digital certificate thumbprint of the scanned object and hashing algorithm; date and time of the last modification of the object being processed; date and time of creating an object being processed; objects or its parts being processed; description of an object being processed as defined in the object properties; format of the object being processed; checksum type for the object being processed; checksum (MD5) of the object being processed; name of the object being processed; checksum (SHA256) of the object being processed; size of the object being processed; Software vendor name; the Software's decision on the object being processed; version of the object being processed; source of the decision made for the object being processed; checksum of the object being processed; parent application name; path to the object being processed; information about file signature check results; logon session key; encryption algorithm for the logon session key; storage time for object being processed; algorithm for calculating the digital certificate thumbprint);
- build type, for example, "user" or "eng"; full product name; product/hardware manufacturer; whether apps can be installed from outside of Google Play; status of the cloud service for verification of Google apps; status of the cloud service for verification of Google apps being installed through ADB; current development codename or "REL" for production builds; incremental build number; user-visible version string; user device name; user-visible Software's build ID; firmware fingerprint; firmware ID; flag indicating whether the device is rooted; operating system; Software name; type of Software license used;
- information about the quality of KSN services (protocol used to exchange data with KSN; ID of the KSN service accessed by the Software; date and time when statistics stopped being received; number of KSN connections taken from the cache; number of requests for which a response was found in the local request database; number of unsuccessful KSN connections; number of unsuccessful KSN transactions; temporal distribution of cancelled requests to KSN; temporal distribution of unsuccessful KSN connections; temporal distribution of unsuccessful KSN transactions; temporal distribution of successful KSN connections; temporal distribution of successful KSN transactions; temporal distribution of successful requests to KSN; temporal distribution of requests to KSN that timed out; number of new KSN connections; number of unsuccessful requests to KSN caused by routing errors; number of unsuccessful requests caused by KSN being disabled in the Software settings; number of unsuccessful requests to KSN caused by network problems; number of successful KSN connections; number of successful KSN transactions; total number of requests to KSN; date and time when statistics started being received);
- device ID; full version of the Software; Software update ID; Software installation ID (PCID); type of installed Software;
- device screen height; device screen width; information about the overlapping application: MD5 hash of the APK file; information about the overlapping application: MD5 hash of the classes.dex file; information about the overlapping application: name of the APK file; information about the overlapping application: path to the APK file without the file name; overlap height; information about the overlapped Software: MD5 hash of the APK file; overlapped application information: classes.dex file MD5 hash; overlapped application information: APK file name; overlapped application information: path to APK file without file name; overlapped application information: application package name (for the overlapped application: if the advertisement is shown on an empty desktop, the value should be "launcher"); overlap date and time; information about the overlapping application: application package name; overlap width;
- settings of the Wi-Fi access point in use (detected device type; DHCP settings (checksums of gateway local IPv6, DHCP IPv6, DNS1 IPv6, DNS2 IPv6; checksum of network prefix length; checksum of local address IPv6); DHCP settings (checksums of the local IP address of the gateway, DHCP IP, DNS1 IP, DNS2 IP, and subnet mask); flag indicating whether the DNS domain exists; checksum of the assigned local IPv6 address; checksum of the assigned local IPv4 address; flag indicating whether the device is plugged in; Wi-Fi network authentication type; list of available Wi-Fi networks and their settings; checksum (MD5 with salt) of the MAC address of the access point; checksum (SHA256 with salt) of the MAC address of the access point; connection types supported by the Wi-Fi access point; Wi-Fi network encryption type; local time of the start and end of the Wi-Fi network connection; Wi-Fi network ID based on the MAC address of the access point; Wi-Fi network ID based on the Wi-Fi network name; Wi-Fi network ID based on the Wi-Fi network name and the MAC address of the access point; Wi-Fi signal strength; Wi-Fi network name; set of authentication protocols supported by this configuration; authentication protocol used for a WPA-EAP connection; internal authentication protocol; set of group ciphers supported by this configuration; set of key management protocols supported by this configuration; the network's final privacy category in the Software; the network's final security category in the Software; set of block ciphers for WPA that are supported by this configuration; set of security protocols supported by this configuration);
- installation date and time for the Software; Software activation date; identifier of the partner organization via which the Software license order was placed; Software ID derived from the license; serial number of the Software license key; Software localization; flag indicating whether participation in KSN is enabled; ID of the licensed Software; Software license ID; OS ID; operating system bit version.
Also, in order to achieve the declared purpose of increasing the effectiveness of protection provided by the Software, the Rightholder may receive objects that could be exploited by intruders to harm the Computer and create information security threats.
Providing the above information to the KSN is voluntary. You can opt out of participating in Kaspersky Security Network at any time.
Data provision under the Statement regarding data processing for Web Protection
According to Web Protection Statement the Rightholder processes data in order for Web Protection functionality. The stated purpose includes detecting web threats and determining the categories of visited websites using the cloud service Kaspersky Security Network (KSN).
With Your consent, the following data will be automatically sent on a regular basis to the Rightholder under the Web Protection Statement:
- Product version; Unique device identifier; Installation ID; Product type.
- URL address of the page, port number, URL protocol, URL, which refers to the requested information.
Data provision under the Statement regarding data processing for marketing purposes
The Rightholder uses third-party information systems to process data. Their data processing is governed by the privacy statements of such third-party information systems. The following are the services that the Rightholder uses and the data they process:
Google Analytics for Firebase
During use of the Software, the following data will be sent to Google Analytics for Firebase automatically and on a regular basis in order to achieve the declared purpose:
- app info (app version, app ID, and the ID of the app in the Firebase service, instance ID in the Firebase service, name of the store where the application was obtained, timestamp of the first launch of the Software)
- ID of app installation on the device and method of installation on the device
- information about the region and language localization
- information about the device screen resolution
- information about the user obtaining root
- diagnostic information about the device from the service SafetyNet Attestation
- information about setting Kaspersky Endpoint Security for Android as an Accessibility feature
- information about transitions between application screens, session duration, beginning and end of a screen session, screen name
- information about the protocol used to submit data to the Firebase service, its version, and ID of the data submission method used
- details on the type and parameters of the event for which data is submitted
- information about the app license, its availability, the number of devices
- information about the frequency of anti-virus database updates and synchronization with Administration Server
- information about the Administration Console (Kaspersky Security Center or third-party EMM systems)
- Android ID
- advertising ID
- information about the User: age category and gender, identifier of the country of residence, and list of interests
- information about the User's computer where the Software is installed: computer manufacturer name, type of computer, model, version and the language (locale) of the operating system, information about the application first opened in the last 7 days and the application first opened more than 7 days ago
Data is forwarded to Firebase over a secure channel. Information about how data is processed in Firebase is published at: https://firebase.google.com/support/privacy.
SafetyNet Attestation
During the use of the Software, the following data will be sent to SafetyNet Attestation automatically and on a regular basis in order to achieve the declared purpose:
- device check time
- information about the software, name and data about the software certificates
- device check results
- random ID checks to verify the results of the check device
Data is forwarded to SafetyNet Attestation over a secure channel. Information about how data is processed in SafetyNet Attestation is published at: https://policies.google.com/privacy.
Firebase Performance Monitoring
During the use of the Software, the following data will be sent to Firebase Performance Monitoring automatically and on a regular basis in order to achieve the declared purpose:
- unique installation ID
- application package name
- version of the installed software
- battery level and battery-charging state
- carrier
- app foreground or background state
- geography
- IP address
- device language code
- information about the radio/network connection
- pseudonymous Software instance ID
- RAM and disk size
- flag indicating whether the device is jailbroken or rooted
- signal strength
- duration of automated traces
- network, and the following corresponding information: response code, payload size in bytes, response time
- device description
Data is forwarded to Firebase Performance Monitoring over a secure channel. Information about how data is processed in Firebase Performance Monitoring is published at: https://firebase.google.com/support/privacy.
Crashlytics
During the use of the Software, the following data will be sent to Crashlytics automatically and on a regular basis in order to achieve the declared purpose:
- Software ID
- version of the installed software
- flag indicating whether the Software was running in the background
- CPU architecture
- unique event ID
- event date and time
- device model
- total disk space and amount currently used
- name and version of the OS
- total RAM and amount currently used
- flag indicating whether the device is rooted
- screen orientation at the time of the event
- product/hardware manufacturer
- unique installation ID
- version of the statistics being sent
- the Software exception type
- text of the error message
- a flag indicating that the Software exception was caused by a nested exception
- thread ID
- a flag indicating whether the frame was the cause of the Software error
- a flag indicating that the thread caused the Software to terminate unexpectedly
- information about the signal that caused the Software to terminate unexpectedly: signal name, signal code, signal address
- for each frame associated with a thread, exception, or error: the name of the frame file, line number of the frame file, debug symbols, address and offset in the binary image, display name of the library with the frame, type of the frame, flag indicating whether the frame was the cause of the error
- OS ID
- ID of the issue associated with the event
- information about events that happened before the Software terminated unexpectedly: event identifier, event date and time, event type and value
- CPU register values
- event type and value
Data is forwarded to Crashlytics over a secure channel. Information about how data is processed in Crashlytics is published at: https://firebase.google.com/terms/crashlytics-app-distribution-data-processing-terms.
Providing the above information for processing for marketing purposes is voluntary.