Sophos Mobile Encryption Version 2.2 for Android Release Notes

New in this release

Protecting access to the application with a password
Sophos Mobile Encryption now allows to define an application password that has to be entered to access Sophos Mobile Enryption. An additional recovery password can be generated to reset the application password in the case the password is forgotten.

Keystore for local keys
Sophos Mobile Encryption now allows to securely store the local keys to access encrypted files:

• On Android 4.3 and above keys are stored and protected by means of the operating system using the Android KeyStore:
• The Android keystore is protected by the screen lock Pattern/PIN/Password. It is required to set a screen lock for the key ring to be available. 
• If the user disables the screen lock, SMEnc's key ring is automatically disabled and the keys are discarded. On some devices disabling the screen lock cannot be detected. In this case the key ring has to be disabled manually by the user.
• On devices running Android versions below 4.3 the keys can be stored securely within the app
• The application password to access Sophos Mobile Encryption must be enabled
• The keys are stored within the app encrypted with a key derived from the application password

The stored keys can be used for automatic encryption and decryption of files in Sophos Mobile Encryption without having to enter the passphrases for files again.

Upload of encrypted files to the cloud storage providers
Sophos Mobile Encryption is now able to receive and encrypt files from other third-party applications (via share with). The encrypted files are uploaded to a linked cloud storage provider or alternatively stored in an app-internal local storage. The user can select an already used key (when the keystore feature is enabled) or can define a new passphrase from which the encryption key is derived. Furthermore, the user can move files from the local storage to a linked cloud storage provider.

System Requirements

Sophos Mobile Security runs on Android devices with an Android version 2.3.3 (API level 10) and higher.

Supported Storage Providers

Sophos Mobile Encryption supports following storage providers:

• Dropbox
• GoogleDrive
• Egnyte
• Telekom Media Center
• Microsoft OneDrive (former SkyDrive)
• WebDAV (test with ownCloud and Strato HiDrive)

Installation

Installation of the application must be done via Google Play.

Known Issues

Files cannot be opened by some third-party applications  

Files cannot be opened by some third-party applications due to problems with access permissions. For displaying the content of the file, access permissions are applied to the file so that it can be opened by the third-party application. Some third-party applications fail to work properly if they're not granted universal access to files and therefore cannot display the file. Applications known to have this problem are ASTRO Image Viewer or ES Image Browser. If this problem occurs, please use another application to view the file.

Going back when linking a Google Drive account may cause Google Play Services to crash

When the user links a Google Drive account in Sophos Mobile Encryption, the application triggers the selection of an account in a Google application. Selecting "Add Account" on the first screen directs to the "Add a Google Account" screen. If the user then clicks the back button, the Google Play Services may crash (seen on a Nexus 7, with Android 4.2.1). This crash is caused by another Android application and not by Sophos Mobile Encryption.

Viewing of favorites may show an outdated version of the file, e.g. using the Android Gallery App

Some applications used for viewing favorites of Sophos Mobile Encryption do cache files internally and do not recognize when only the file content changes. E.g. the Android Gallery application caches all pictures it views. When only the content of the file changes, the Android Gallery App does not recognize the change when opened from Sophos Mobile Encryption and displays the cached content. Only a change of the file name will cause the Gallery App to reload the file. Please use another application that does not show this behavior for viewing the favorite files or forcibly close the Gallery App before viewing updated content.

Update from Version 1.0 may result in unlinking of DropBox and missing metadata for the favorites

Updating from version 1.0 may unlink an already linked DropBox account. Please link the account again and all favorites of the DropBox will be visible again. It may also happen that the file metadata of favorites (size and sync date) cannot be retrieved and only default values are shown. After syncing the favorites again all metadata is restored. The favorites can still be opened, even with wrongly displayed metadata.

Microsoft OneDrive (former Skydrive) not working on certain devices

The Live SDK for Android version (5.0) that is used for Sophos Mobile Encryption to support OneDrive as storage provider is distributed by Microsoft as pre-release, time-sensitive unsupported software that may not operate correctly. Therefore it may happen that OneDrive is not working on certain devices, e.g. we could not logon on to OneDrive on a Motorola Defy+ with Android 2.3.4. 

Developer Option Don't Keep Activities causing problems when user-visible interaction is required with third party applications

Sophos Mobile Encryption relies on third party applications to support the different cloud storage providers. When requiring user-visible interaction with such third party applications (e.g. to logon to a cloud storage provider like Google Drive), having the developer option Don't Keep Activities activated may affect the normal lifecycle of SMEnc or even cause the crash of it . This is caused by the OS behavior activated with the Don't Keep Activities setting: SMEnc may be closed while a third party App is shown, whereas the third party application tries to start SMEnc resulting in an infinite loop. As recommended by Google, this Developer setting should not be activated in normal use of a device.

WebDav Favorites with special characters or blanks in the filename are no more favorites after upgrading SME from a previous version

WebDav files that have special characters or a blank in the filename and that are also marked as favourite are no more favorites after upgrading Sophos Mobile Encryption to the new version. The user has to manually mark these files as favorite again. This happens due to a necessary adjustment of the encoding of webdav file names respectively WebDav requests that had to be done for the new SME version to be able to implement the uploading of files to WebDav.

Egnyte-Upload: User cancelling the upload of a file leaves a corrupt file on server

If the user cancels an update of a file to Egnyte, a corrupt file remains on the Egnyte server. This is a problem of the Egnyte API and will be fixed by Egnyte.

Technical support

You can find technical support for Sophos products in any of these ways:

• Visit the SophosFreeTalk community at http://openforum.sophos.com/t5/Sophos-Mobile-Encryption/bd-p/SophosMobileEncryption and search for other users who are experiencing the same problem.
• Visit the Sophos support knowledgebase at http://www.sophos.com/en-us/support.aspx.
• Download the product documentation at http://www.sophos.com/en-us/support/documentation.
• Send an email to support@sophos.com , including your Sophos software version number(s), operating system(s) and patch level(s), and the text of any error messages.

Legal notices

Copyright © 2014 Sophos Ltd. All rights reserved.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos is a registered trademark of Sophos Ltd. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.