This article explains why permissions are needed, what information is used on the device, and what information is sent to Symantec. This article is a general end-user understanding of the workings of the VIP Access application and is not a legal privacy statement. The users of the VIP Access applications accept the terms of VIP Access End User License Agreement (https://www.symantec.com/content/en/us/about/media/repository/vip-access-client-eula-en.pdf)
When you install VIP Access on a mobile device (in particular an Android OS Version 6+) you may see a prompt (see screen shot below) that expects certain device permissions to be granted by the user for proper usage of the application.
The VIP Access application requires "READ_PHONE_STATE" permission to fetch the device ID parameter. We are using this API to protect against the cloning of credentials.
The Symantec VIP access application does not do the following when installed on a mobile device:
Certain mobile platforms (in particular, Android devices) display a message indicating VIP Access needs access to a broad set of device and user information. This may lead End-users to believe VIP Access may be accessing significant personal information. On the contrary, this is due to the lack of granular access controls on specific data collected. VIP Access does not collect or send any personally identifiable information from the device to Symantec for tracking purposes.
VIP Access uses device and user specific information to secure the operational data on the mobile device. Where possible, this data is stored in the user’s profile on the device. This ensures your instance of VIP Access application is secured to a specific device and cannot be duplicated on another device by a malicious agent.
The VIP Access client may send Symantec servers certain non-personally identifiable device specific information which can help in secured provisioning of the VIP credential and help debug the VIP Access application in case of failures.