Data collection and data processing

App Shielding

App Shielding does not collect data from end-user devices.

Data which may be considered private may be processed locally on the device for the purpose of determining the security level of the run-time environment where the app is being executed.

This type of data may include installed package names, bundle IDs, file names, process names and similar.

Evaluation versions of App Shielding

This section applies to time limited (timedemo) evaluation versions of App Shielding only, and should be ignored for standard licensed App Shielding delivered packages.

Evaluation versions of App Shielding collect the following information:

Device meta information

  • Device model name and model number
  • Operating system version information

App meta information

  • Package name of the app
  • App version information

Security information

  • Security information related to App Shielding security callback, which may include evidence about root/jailbreak, hooking frameworks, hooks in the form of file names, process ID names, function names and similar.

This information does not include personally identifiable information, and is transmitted in encrypted form to OneSpan automatically while the application is running.

Shielding Tool

The Shielding Tool collects diagnostics and meta information about Shielding Tool usage by default for the purpose of improving the product's quality, developer experience, and performance.

The type of collected information includes:

  • Shielding Tool meta information

    • Version, operating system

  • Java run-time information

    • JVM vendor, name and version

  • Application information

    • Name, type, version and support information

  • Hardware information

    • Available CPU cores, architecture and memory

  • Locale information

    • Country, time zone and system language

  • Status information

    • Error messages, stack traces, feature usage, performance and timing information

The Shielding Tool is designed to prevent collection of personal information. All data is encrypted and by default transferred for processing by OneSpan only. This data collection can be disabled entirely using the --disable-insight option.