The Screen Lock feature protects your private data. You can lock the app to prevent others from accessing it. When you open the app it prompts you to unlock access to it.
Screen lock options
The app lets you set an alphanumeric passcode under Settings > Privacy & Security > App Lock.
The app also allows the user to use the device passcode, PIN or biometric unlock setting to access the application.
Once the screen lock is defined, the application must be unlocked every time the user wants to open it.
The user can set a complex alphanumeric passcode with a minimum of 6 characters or a 4, 6 or 8 digit PIN. After setting the screen lock, the user needs to set how often the application needs to be unlocked. For this, the application allows the following options:
- Immediately: Request PIN/TouchID/FaceID each time you open the app
- 1 minute
- 5 minutes
- 15 minutes
- 30 minutes
- 1 hour
- 2 hours
- 4 hours
- 8 hours
- 24 hours
EZ2ID for iOS utilizes the iOS sandbox and does not expose any interface or API to third-party applications. Therefore, other applications (e.g., WhatsApp) cannot receive the contacts from EZ2ID by using the Apple contact API. Furthermore, customers can enforce the use of PIN and biometrics to unlock the app by using Mobile Device Management or Microsoft Endpoint Management (Intune) MAM policies.
In future versions of EZ2ID for iOS, we may integrate one-directional communications between EZ2ID and other applications through the Apple iOS “ShareKit” API (e.g., EZ2ID sends a mail address to the Microsoft Outlook App).
For customers utilizing MDM or MAM, we will always provide MDM/MAM settings to allow or prevent these communications for specific apps (e.g., Microsoft Outlook, Microsoft Teams) or to disable the Sharing Interface entirely.
Multiple layers of security can be applied to EZ2ID. By utilizing MDM or Intune MAM, you can prevent any export of data as you can disable all Sharing Interfaces in the app or only allow Sharing to specific applications.
In the case of MDM, the iOS MDM layer is used to allow sharing only with “MDM managed apps”. If you choose to disable sharing entirely through MDM AppConfig, EZ2ID will disable the ShareKit API completely (in addition to the iOS MDM layer).
When Intune MAM is utilized, EZ2ID relies on the Intune SDK. The Intune SDK enables you to block all Sharing, enforce a PIN and use many other security features. Please refer to the Microsoft Intune SDK and the Intune MAM policy documentation from Microsoft for further information about the protection. In addition, EZ2ID receives the Intune MAM settings through the Intune SDK and may also natively disable the Sharing API (if configured). With Intune MAM, you may also disable iTunes Backups for EZ2ID.
PIN and/or biometrics can be enabled in the EZ2ID user interface or enforced through MDM (AppConfig) or Intune MAM policy.
When PIN and/or biometrics are enabled for EZ2ID, the data is encrypted in one of two ways:
- If PIN protection is enabled for the iOS device, the iOS encryption will be utilized by EZ2ID automatically. EZ2ID integrates with the platform security and asks for the same PIN as used for the device lock, or for biometrics. EZ2ID uses the native Apple API for “Local Authentication”, which utilizes the Secure Enclave, and therefore never receives the device PIN itself.
- If no PIN protection is enabled for the iOS device, you may enter an individual PIN for EZ2ID within the application. EZ2ID utilizes the Apple CryptoKit API to encrypt and decrypt the EZ2ID database. Please refer to the Apple CryptoKit documentation for further information.
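The first case above, sketched in Swift as an added example (not EZ2ID's code; `AppLockGate` and its members are hypothetical names): the app asks iOS to authenticate the device owner and gets back only a success flag, never the PIN, and it prompts again once a re-lock interval such as the ones listed earlier has elapsed.

```swift
import Foundation
import LocalAuthentication

/// Hypothetical app-lock gate; names are illustrative, not EZ2ID's.
final class AppLockGate {
    /// Seconds the app may stay unlocked; 0 corresponds to "Immediately".
    let relockInterval: TimeInterval
    private var lastUnlock: Date?

    init(relockInterval: TimeInterval) {
        self.relockInterval = relockInterval
    }

    /// True when the unlock prompt must be shown before any data is displayed.
    func needsUnlock(now: Date = Date()) -> Bool {
        guard let last = lastUnlock else { return true }
        let elapsed = now.timeIntervalSince(last)
        // A negative value means the wall clock was set back: treat as locked.
        return elapsed < 0 || elapsed >= relockInterval
    }

    /// Asks iOS to authenticate the device owner. The app only ever sees
    /// the Boolean outcome; the passcode and biometric data stay with iOS.
    func unlock(reason: String, completion: @escaping (Bool) -> Void) {
        let context = LAContext()
        var error: NSError?
        // .deviceOwnerAuthentication: biometrics with device-passcode fallback.
        guard context.canEvaluatePolicy(.deviceOwnerAuthentication, error: &error) else {
            // No device passcode is set; the caller has to use the second
            // case (an app-specific PIN) instead.
            completion(false)
            return
        }
        context.evaluatePolicy(.deviceOwnerAuthentication,
                               localizedReason: reason) { [weak self] success, _ in
            // The reply arrives on a private queue; hop to main for UI work.
            DispatchQueue.main.async {
                if success { self?.lastUnlock = Date() }
                completion(success)
            }
        }
    }
}
```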
GDPR does not allow sharing of personal data with people or services who do not have a corresponding contract. Since EZ2ID prevents sharing of any data (if configured), EZ2ID solves this issue. In sharp contrast, the iOS address book may be read by any application when the user allows access to it.
In contrast to Android, iOS apps always run in a sandbox and, according to the Apple Platform Security guides, cannot escalate privileges. If an app does not utilize any Sharing API (e.g. Apple ShareKit), it is always a containerized app from which you can’t move or export any data.
In case of EZ2ID, you can disable Sharing through MDM or Intune MAM as stated in “How is an export of Data prevented? How does this work?”
Siri integration will not be available in the first public release of EZ2ID and is estimated to arrive as a feature by the end of 2021. Once the Siri integration is available, EZ2ID will support disabling it entirely through MDM or Intune MAM policy.
However, Siri itself is compatible with GDPR as only interpretation is done on Apple servers.
- The user says “Hey Siri, call John Doe through EZ2ID”
- Apple servers will translate the spoken words to text and send the text to the device
- iOS receives the spoken words as text and will look up all SiriKit extensions on the device for the keyword(s), in this example “EZ2ID”.
- The EZ2ID SiriKit extension will then be notified on the device with the Intent (“Call”) and the Query (“John Doe”).
- The EZ2ID SiriKit extension will then search for the query (“John Doe”) through the app extension and execute the intent “Call”.
Please refer to the Apple SiriKit documentation (https://developer.apple.com/documentation/sirikit) to get an understanding of how SiriKit processes data.