Skip Navigation
  1. BlackBerry Docs
  2. Cylance Endpoint Security
  3. Cylance Endpoint Security Data Collection and Use
  4. How Cylance Endpoint Security products collect and use data
  5. How CylancePROTECT Mobile collects and uses data

How
CylancePROTECT Mobile
 collects and uses data

For complete information about this product, see the Cylance Endpoint Security docs.
Item
Data collection and use
Scanning for malicious apps on
Android
 devices
  • The
    CylancePROTECT Mobile
     app regularly scans the apps on a user’s
    Android
     device. If any apps have a hash that the
    CylancePROTECT Mobile
     cloud services (located in Northern Virginia, US) have not previously processed, the .apk files for that app are uploaded.
  • The
    CylancePROTECT Mobile
     cloud services use AI and machine learning to analyze the app package and produce a confidence score that it returns to the
    CylancePROTECT Mobile
     app.
  • The APK files that are uploaded to the
    CylancePROTECT Mobile
     services are kept private and anonymous, with no links back to users, devices, or organizations.
  • The
    CylancePROTECT Mobile
     cloud services do not store any user data. The app packages that are uploaded are never shared with a third party.
  • The
    CylancePROTECT Mobile
     app will only upload app files to the cloud services over a
    Wi-Fi
     connection.
  • The
    CylancePROTECT Mobile
     cloud services retain app binaries and a corresponding confidence score for security purposes.
Scanning URLs in SMS text messages for
iOS
  • When a user receives an SMS text message from an unknown sender that contains a URL, the
    CylancePROTECT Mobile
     app sends the message to the
    CylancePROTECT Mobile
     cloud services in real time.
  • The
    CylancePROTECT Mobile
     cloud services collect the entire contents of the message. No additional metadata or user identifiers are collected or stored. The data that is collected is never shared with a third party or used by
    BlackBerry
     for any purpose other than providing protection from malicious URLs.
  • The
    CylancePROTECT Mobile
     cloud services use advanced machine learning capabilities and accumulated knowledge from threat intelligence feeds to provide an instant assessment of the safety of the URL.
  • New incoming text messages from known contacts are automatically considered to be safe and only messages that contain URLs from unknown senders are scanned and assessed.
Scanning URLs in SMS text messages for
Android
  • When a user receives an SMS text message that contains a URL, the
    CylancePROTECT Mobile
     app sends the unaltered URL to the
    CylancePROTECT Mobile
     cloud services in real time.
  • New incoming text messages from known contacts and unknown senders are scanned and assessed.
  • The
    CylancePROTECT Mobile
     cloud services collect plain text URLs for analysis and assessment. No additional metadata or user identifiers are collected or stored. The data that is collected is never shared with a third party or used by
    BlackBerry
     for any purpose other than providing protection from malicious URLs.
  • The
    CylancePROTECT Mobile
     cloud services use advanced machine learning capabilities and accumulated knowledge from threat intelligence feeds to provide an instant assessment of the safety of the URL.
Unsafe network and insecure
Wi-Fi
 checks
On
iOS
 and
Android
 devices, the
CylancePROTECT Mobile
 app will periodically try to connect to the
CylancePROTECT Mobile
 cloud services. If the connection is not successful,
CylancePROTECT Mobile
 determines that the network is not safe.
On
Android
 devices, the
CylancePROTECT Mobile
 app periodically checks the properties of the current
Wi-Fi
 access point to determine if it is secure (you can configure which
Wi-Fi
 access algorithms your organization considers secure and insecure). When the
CylancePROTECT Mobile
 app detects an unsafe network or insecure
Wi-Fi
 access point, it is reported in the app and in the management console.
Endpoint data collection
  • BlackBerry
     collects the following mobile endpoint data to detect and respond to potential threats:
    • Device name
    • IP addresses
    • MAC addresses
    • OS type
    • OS version
    • Device lock screen settings
    • Device status
    • Device manufacturer and model
  • BlackBerry
     collects the following
    Android
     mobile endpoint app data to detect and respond to potential threats:
    • APK names
    • APK developer signature
    • APK binary hash
    • APK version
    • APK package name
    • APK install source
  • BlackBerry
     collects the following
    iOS
     mobile endpoint app data to detect and respond to potential threats:
    • iOS
       developer
    • iOS
       signer certificate hash
Data storage and retention
  • BlackBerry
     uses the data described above to facilitate the performance of the EULA under which
    BlackBerry
    ’s services and products are offered. The data is shared only with necessary third-party services that are needed to fulfill the intended purpose of the services.
  • BlackBerry
     will not sell, lease, or otherwise distribute this information.
  • Endpoint data is removed at the end of the contract. Administrators can remove data using the management console. Mobile endpoint configuration and app data are removed 2 months after the end of the contract.
  • The endpoint data that is collected is stored in
    Amazon Web Services
    , in a location of the customer's choice:
    • Oregon, US
    • Frankfurt am Main, Germany
    • Sao Paulo, Brazil
    • Tokyo, Japan
    • Sydney, Australia