PII Collection for VIP Access App

book

Article ID: 170189

calendar_today

Updated On:

Products

VIP Access for Mobile VIP Access for Desktop VIP Software Development Kit

Issue/Introduction

What data does VIP Access app collect and use?

Cause

The VIP Access application is a mobile application that incorporates a VIP Credential as described in the VIP Network Policy. Your use of the VIP Access application is dependent on you providing certain device information. The information that you provide is what is reasonably necessary for use. For example, the device information that is gathered is used to prevent cloning of the credential.

What data Symantec collects from you?

Through your use of the VIP Access application, Symantec may collect data that can include:

  • Device details, including device OS Version, device model, and manufacturer.
  • Additionally, the VIP Access application may access the camera for QR code scanning. The VIP Access application captures and stores the QR scanned information, including OATH account handles, but this information is not transferred to Symantec.
  • Bluetooth Low Energy (BLE). For proximity-based login, this is only needed if you want to pair with your computer.

The collected data is used to create a local profile on the device which is secured in order to prevent tampering or cloning of the VIP Credential. The only Device-specific information that is provided to the Symantec VIP cloud service is for administrative purposes, and is limited to device OS version, device model, manufacturer, VIP Access capabilities as they apply to the OS version. Any other information that is collected is stored locally on the device and encrypted. The data gathered locally is the minimum required information for the functionality of the application. If you remove the application this data is deleted.

The latest version VIP Access has malware detection capabilities which anonymize the applications on the device and feed into a database. Symantec can then validate and determine malicious applications, and then flag the device as having malware. This does not alert the administrator which app is malicious but only raises an alert.

Google Cloud Messaging data collection

Google Cloud Messaging (GCM) is used for the Push feature on the VIP Access app. Google Cloud Messaging is a third-party service provider that includes technologies such as Google Analytics.

You can review the GCM at: https://developers.google.com/cloud-messaging/gcm

Apple Push Notification System data collection.

Apple Push Notification System (APNS) is used for the Push feature on the VIP Access app. APNS is a third-party service hosted by Apple. Apple may collect information which does not personally identify you unless required. Apple has a good faith belief that such data would only be collected if absolutely necessary.

You can review the APNS service at: https://developer.apple.com/notifications/

The Apple developer PDF defining the data collection is attached to this KB.

Symantec does not collect any information other than the application ID that is used for push authentication.

Google Analytics

The VIP Access application uses Google Analytics’ Measurement Protocol with IP anonymization parameters to transmit critical error information (including IP address) and information on your feature usage services (the “VIP Access application Telemetry”) to Google Analytics, which is not owned or operated by Symantec.

For more information about Google Analytics, see:

The VIP Access client may send Symantec servers certain non-personally identifiable device-specific information used to secure provisioning of the VIP credential and help debug the VIP Access application in case of failures. Using Google Analytics, Symantec receives telemetry on installation errors and device models. This data is used to fix installation or usability issues.

Symantec only uses this information for internal purposes as needed. The information is not used for advertising, promotions or to send confidential information.

 

Resolution

Symantec is the world leader in data security. We take great effort to ensure that your data is secure and used only as required.

If you do not consent to this data collection and usage, do not use the VIP Application. The VIP application is not required to use our service. We have other methods of validation such as hard tokens which do not require any personal information to utilize.

Attachments

Apple_Developer_Program_License_Agreement_20170605.pdf get_app