Mobile Applock feature broekn vunerability report

Hello!! please check the video!!

 

after enable applock feature and open sophos mobile app, then click applock tab, authenticator windows opened, then click home button to return the home, then go back sophos app, then few times exist opportunity can click the applock feature activate button. if click fast the button applolck protection is disabled!!

 

So i hope to fix this vunerability like a applock feature can lock sophos it self's or trying other method.

Thankyou :)




Added TAGs
[edited by: Qoosh at 7:28 AM (GMT -7) on 17 Jun 2022]
  • Hello Blacktip_reef_shark,

    Thanks for reaching out to the Sophos Community Forum. 

    I tried to replicate the issue you've shown here, but I was unsuccessful in doing so. Could you provide some additional information on how the test was performed? 
    - Type of Device/Model
    - Version of Android running on the device
    - Version of Sophos Intercept X Mobile 
    - Is the configuration being managed from Sophos Central?

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • - Type of Device/Model & - Version of Android running on the device

    Tested 3 devices

    1. Samsung Galaxy Note9(Build: N960NKSU3FVE1, Latest update release: 2022-05-12, Security patch: 2022-05-01, Android 10)

    2. Samsung Galaxy S22Ultra(Build: S908NKSU1AVF1, Latest update release: 2022-06-09, Security patch: 2022-06-01, Android 12)

    3. Samsung Galaxy Note4(This is not official firmware, using LineageOS(Like Android original firmware) custom firmware with 17.1, Android 10)

    PS. Note9, S22Ultra is not rooted and not custom firmware, also Korean variations

    - Version of Sophos Intercept X Mobile

    9.7.3495(Google Play Store Latest version)

    - Is the configuration being managed from Sophos Central?

    No. using personal.

    I think it can be solved add feature of Sophos mobile App Main section locking.

    Thankyou Slight smile

  • Thank you for sharing this additional information, I believe this was my mistake. It is possible to replicate your issue. I was not toggling the "App Protection turned on" slider when the Intercept X mobile app showed momentarily. 

    I will reach out to our team with your findings so that this issue can be addressed going forward. Thank you for sharing this feedback.

    Edit/Update: Looking into some of the bug reports that have been sent to us previously, the issue you've highlighted in this post may be a limitation introduced by Android system functionality. I have reached out internally to get confirmation on this and will follow up on this thread.

    Some information outlining this can be found in the following article.
    - Access to protected / controlled apps still possible by 3rd party apps

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids