
Sophos XGS Mobile Privacy Policy

Last updated: July 1, 2026

Sophos XGS Mobile is operated by Benjamin Iheukumere / SafeLink IT ("Sophos XGS Mobile", "we", "us"). This policy explains how the Android app, the SafeLink broker service, and the locally installed in-house agent process data.

Contact: b.iheukumere@safelink-it.com

1. What Sophos XGS Mobile Does

Sophos XGS Mobile lets authorized administrators manage Sophos XGS firewalls from an Android device through a locally installed agent. The traffic flow is:

Android app -> SafeLink broker -> customer-controlled in-house agent -> customer Sophos XGS firewall

The broker is used for relay, pairing, entitlement checks, and abuse protection. It is not intended to be a firewall credential store.

2. Data We Process

Depending on how the app is used, Sophos XGS Mobile may process:

  • Firewall connection profile data, such as customer-defined firewall names, firewall host names or IP addresses, ports, pairing identifiers, and agent identifiers.
  • Firewall credentials entered by the user, such as firewall usernames and passwords.
  • Configuration objects and operation metadata needed to read or modify Sophos XGS configuration, such as hosts, services, firewall rules, NAT rules, object names, object identifiers, status codes, and request IDs.
  • Live logs requested by the user from an allowed Sophos XGS log file.
  • Pairing and device trust data, such as device public keys, agent public keys, pairing session IDs, revocation state, and signed connection metadata.
  • Google Play subscription and entitlement data, such as product ID, purchase verification result, subscription state, expiry state, and hashed or short-lived purchase-token references where practical.
  • Play Integrity data, such as integrity verdict inputs and results needed to reduce fraud and entitlement abuse.
  • Technical security and diagnostic metadata, such as app version, broker endpoint, request IDs, timestamps, non-secret error codes, rate-limit events, and relay connection status.

We do not collect payment card details. Payments and subscriptions are handled by Google Play.

3. Local Storage on the Android Device

The app stores firewall profiles, pairing metadata, entitlement state, and cached configuration snapshots locally so the user can reconnect quickly.

Firewall credentials are stored through Android Keystore-backed encryption where supported. The app disables Android backup and device-transfer extraction for its local shared preferences to reduce the risk of credential and pairing-data leakage through normal device backups.

Users can delete saved credentials and local app data in the app, or by clearing the app's storage or uninstalling the app.

4. Broker Processing

The SafeLink broker processes only the data needed to:

  • receive outbound agent WebSocket connections without inbound customer firewall ports;
  • allow the Android app to discover and connect to a paired agent;
  • verify Google Play subscription entitlement and Play Integrity signals;
  • route encrypted relay frames between app and agent;
  • enforce rate limits, WAF-compatible public paths, and security/audit logging;
  • synchronize operational state between active broker nodes.

The broker cannot decrypt firewall credentials, Sophos API request payloads, or live-log payloads that are sent through the encrypted app-to-agent relay. Firewall credentials are not stored by the broker.

The broker may store or log non-secret operational metadata such as agent IDs, device IDs, public keys, pairing state, revocation state, entitlement decisions, request IDs, timestamps, status codes, and rate-limit/security events.

5. In-House Agent Processing

The in-house agent is installed and controlled by the customer or administrator. It keeps local agent identity, paired-device trust records, revoked device records, and allowed firewall/log access configuration.

The agent receives encrypted requests from paired devices, decrypts them locally, connects to the configured Sophos XGS firewall, and returns encrypted responses through the broker. In the current version, the agent does not persist firewall credentials. Firewall credentials are used in memory for the requested operation.

Paired devices can be revoked on the in-house agent. After revocation, the broker relay alone is not sufficient to regain access because the agent rejects the device.

6. Sophos XGS Firewall Data

When a user performs an operation, the app and agent may process firewall configuration data and status responses returned by the Sophos XGS XML API. This can include customer-defined network object names, IP addresses, FQDNs, service definitions, firewall rules, NAT rules, zones, interfaces, schedules, and related metadata.

Live logs are read only after an explicit user request and only from allowlisted log files. Live log output is streamed through the encrypted relay. The agent sanitizes common secret patterns before forwarding log lines, but users should still treat log output as sensitive customer security data.

7. Google Play Processing

Subscriptions are purchased and managed through Google Play. Google Play may process payment, account, purchase, subscription, and device data according to Google's policies.

Sophos XGS Mobile receives only the data needed to verify entitlement, such as Google Play subscription product ID, purchase token, verification result, renewal or expiry state, and Play Integrity token/verdict data. Purchase tokens are handled as sensitive data and should not be logged in plaintext.

8. Why We Process Data

We process data to:

  • provide firewall administration functionality requested by the user;
  • establish and maintain paired app-to-agent connectivity;
  • verify active Google Play subscription entitlement;
  • prevent fraud, replay, unauthorized access, and quota abuse;
  • display existing firewall configuration and operation status;
  • stream requested live logs;
  • diagnose failures and secure the broker service;
  • comply with legal, tax, accounting, and security obligations.

For users in the European Economic Area, legal bases may include contract performance, legitimate interests in secure service operation and abuse prevention, consent where required, and legal obligations.

9. Sharing of Data

We do not sell personal data.

We may process data with:

  • Google Play, for subscription purchase, renewal, entitlement, license testing, and Play Integrity verification;
  • infrastructure, hosting, WAF, TLS, backup, monitoring, and security providers needed to operate the broker service;
  • the customer's own in-house agent and Sophos XGS firewall, as required to perform user-requested firewall operations;
  • legal or regulatory authorities if required by law.

No advertising SDK is included in the app, and we do not share data for advertising.

10. Retention

Local app data remains on the device until the user deletes it, clears app storage, uninstalls the app, or replaces the device.

The in-house agent keeps pairing and revocation records until the customer deletes or resets them.

Broker-side operational records are retained only as long as needed for service operation, troubleshooting, abuse prevention, security auditing, accounting, and legal compliance. Security logs should not contain firewall passwords, full Google Play purchase tokens, or decrypted firewall payloads. If sensitive data is accidentally captured in diagnostics, we may delete or redact it.

11. Security

Sophos XGS Mobile uses security controls intended to reduce unauthorized firewall access, including:

  • TLS for app-to-broker and agent-to-broker transport;
  • additional encrypted app-to-agent relay payloads for firewall operations;
  • Android Keystore-backed local credential protection where supported;
  • no broker-side storage of firewall credentials;
  • signed pairing and relay metadata;
  • Google Play subscription verification on the broker;
  • Play Integrity verification;
  • agent-side paired-device trust and revocation;
  • allowlisted live-log file access;
  • secret redaction for common live-log patterns;
  • disabled Android backup for app shared preferences;
  • no advertising SDK or analytics SDK in the Android app.

No system can be guaranteed to be perfectly secure. If you believe you found a security issue, contact b.iheukumere@safelink-it.com.

12. User Choices and Rights

Users can:

  • delete saved firewall credentials in the app;
  • clear local app data or uninstall the app;
  • revoke paired devices on the in-house agent;
  • manage or cancel subscriptions through Google Play;
  • request access, correction, deletion, restriction, or objection where applicable by contacting us.

Data deletion requests can be sent to b.iheukumere@safelink-it.com. Some broker security, accounting, or legal records may need to be retained for a limited period where required.

13. International Processing

Sophos XGS Mobile may process data in Germany, the European Union, and other countries where our service providers operate. Data protection laws may differ from those in the user's country.

14. Changes to This Policy

We may update this policy when the app, broker, or agent changes. The "Last updated" date shows the current version. Material changes may also be communicated in the app or through the Google Play listing where appropriate.

15. Contact

Benjamin Iheukumere / SafeLink IT
Email: b.iheukumere@safelink-it.com