The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

About mobile device management in Kaspersky Security Center Web Console and Cloud Console

You can manage mobile devices in Kaspersky Security Center Web Console and Cloud Console by using the following components:

• Kaspersky Endpoint Security for Android app

  The Kaspersky Endpoint Security for Android app ensures protection of mobile devices against web threats, viruses, and other programs that pose threats.

• Kaspersky Security for iOS app

  The Kaspersky Security for iOS app ensures protection of mobile devices against phishing and web threats.

• Kaspersky Security for Mobile (Devices) plug-in

  The Kaspersky Security for Mobile (Devices) plug-in provides the interface for managing mobile devices and the mobile apps installed on them through Kaspersky Security Center Web Console and Cloud Console.

• Kaspersky Security for Mobile (Policies) plug-in

  The Kaspersky Security for Mobile (Policies) plug-in lets you define the configuration settings for devices connected to Kaspersky Security Center, by using group policies.

The plug-ins are integrated into the Kaspersky Security Center remote administration system. You can use Kaspersky Security Center Web Console or Cloud Console to manage mobile devices, as well as client computers and virtual systems. After you connect mobile devices to the Administration Server, they become managed. You can remotely monitor managed devices.

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Key features of mobile device management in Kaspersky Security Center Web Console and Cloud Console

Kaspersky Security for Mobile provides the following features:

• Distribution of email messages for connecting Android mobile devices to Kaspersky Security Center by using links to download the Kaspersky Endpoint Security for Android app from Google Play.
• Distribution of email messages for connecting iOS mobile devices to Kaspersky Security Center by using links to download the Kaspersky Security for iOS app from App Store.
• Remote connection of mobile devices to Kaspersky Security Center and other third-party EMM systems (for example, VMWare AirWatch, MobileIron, IBM Maas360, SOTI MobiControl).
• Remote configuration of the mobile app, as well as remote configuration of services, apps, and functions of mobile devices.
• Remote configuration of mobile devices in accordance with the corporate security requirements.
• Prevention of leakage of corporate information stored on mobile devices, in case they are lost or stolen (Anti-Theft). Supported for Android devices only.
• Control of compliance with corporate security requirements (Compliance Control). Supported for Android devices only.
• Control of protection against online threats and control of internet use on mobile devices (Web Protection).
• Setup of notifications shown to the user in the Kaspersky Endpoint Security for Android and Kaspersky Security for iOS apps.
• Administrator notifications about the status and events of the Kaspersky Endpoint Security for Android and Kaspersky Security for iOS apps can be communicated in Kaspersky Security Center or by email.
• Change Control for policy settings (revision history).

Kaspersky Security for Mobile includes the following protection and management components:

• Anti-Virus (for Android devices)
• Anti-Theft (for Android devices)
• Web Protection (for Android and iOS devices)
• App Control (for Android devices)
• Compliance Control (for Android devices)
• Detection of root privileges on Android devices and jailbreak detection on iOS devices

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

About the Kaspersky Endpoint Security for Android app

The Kaspersky Endpoint Security for Android app ensures protection of mobile devices against web threats, viruses, and other programs that pose threats.

The Kaspersky Endpoint Security for Android app includes the following components:

• Anti-Virus. This component detects and neutralizes threats on your device by using the Anti-Virus databases and the Kaspersky Security Network cloud service. Anti-Virus includes the following components:
  • Protection. It detects threats in open files, scans new apps, and prevents device infection in real time.
  • Scan. It is started on demand for the entire file system, only for installed apps, or a selected file or folder.
  • Update. It allows you to download new Anti-Virus databases for the application.
• Anti-Theft. This component protects information on the device against unauthorized access in case the device is lost or stolen. This component lets you send the following commands to the device:
  • Locate. Get the coordinates of the device's location.
  • Alarm. Make the device sound a loud alarm.
  • Wipe. Erase corporate data to protect sensitive company information.
• Web Protection. This component blocks malicious websites designed to spread malicious code. Web Protection also blocks fake (phishing) websites designed to steal confidential data of the user (for example, passwords for online banking or e-money systems) and access the user's financial info. Web Protection scans websites before you open them, by using the Kaspersky Security Network cloud service. After scanning, Web Protection allows trustworthy websites to load and blocks malicious websites. Web Protection also supports website filtering by categories defined in the Kaspersky Security Network cloud service. This allows the administrator to restrict user access to certain categories of web pages (for example, web pages from the "Gambling, lotteries, sweepstakes" or "Internet communication" categories).
• App Control. This component lets you install recommended and required apps to your device via a direct link to the distribution package or a link to Google Play. App Control lets you remove blocked apps that violate corporate security requirements.
• Compliance control. This component allows you to check managed devices for compliance with the corporate security requirements and impose restrictions on certain functions of non-compliant devices.

You can configure the components of the Kaspersky Endpoint Security for Android app in Kaspersky Security Center Web Console and Cloud Console by defining the settings of group policies.

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

About the Kaspersky Security for iOS app

The Kaspersky Security for iOS app ensures protection of mobile devices against phishing and web threats.

The Kaspersky Security for iOS app offers the following key features:

• Web Protection. This component blocks malicious websites designed to spread malicious code. Web Protection also blocks fake (phishing) websites designed to steal confidential data of the user (for example, passwords for online banking or e-money systems) and access the user's financial info. Web Protection scans websites before you open them, by using the Kaspersky Security Network cloud service. After scanning, Web Protection allows trustworthy websites to load and blocks malicious websites. You can configure this component in Kaspersky Security Center Web Console and Cloud Console by defining the settings of group policies.
• Jailbreak detection. When Kaspersky Security for iOS detects a jailbreak, it displays a critical message and informs you about the issue.

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

About the Kaspersky Security for Mobile (Devices) plug-in

The Kaspersky Security for Mobile (Devices) plug-in provides the interface for managing mobile devices and the mobile apps installed on them through Kaspersky Security Center Web Console and Cloud Console. The Kaspersky Security for Mobile (Devices) plug-in allows you to perform the following:

• Connect mobile devices to Kaspersky Security Center.
• Manage the certificates of mobile devices.
• Configure Firebase Cloud Messaging (for Android devices only).
• Send commands to mobile devices (for Android devices only).

The Kaspersky Security for Mobile (Devices) plug-in can be installed when configuring Kaspersky Security Center Web Console. If you are using Kaspersky Security Center Cloud Console, you do not need to install this plug-in. For more information about deployment scenarios in different types of consoles, see section "Deployment scenarios".

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

About the Kaspersky Security for Mobile (Policies) plug-in

The Kaspersky Security for Mobile (Policies) plug-in lets you define the configuration settings for devices connected to Kaspersky Security Center, by using group policies. The Kaspersky Security for Mobile (Policies) plug-in can be used to perform the following:

• Create group security policies for mobile devices.
• Remotely configure the operating settings of the mobile app on users' mobile devices.
• Receive reports and statistics on the operation of the mobile app on users' mobile devices.

The Kaspersky Security for Mobile (Policies) plug-in can be installed when configuring Kaspersky Security Center Web Console. If you are using Kaspersky Security Center Cloud Console, you do not need to install this plug-in. For more information about deployment scenarios in different types of consoles, see section "Deployment scenarios".

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Hardware and software requirements

This section lists the hardware and software requirements for the administrator's computer that is used to install the Kaspersky Security for Mobile (Devices) plug-in and the Kaspersky Security for Mobile (Policies) plug-in in Kaspersky Security Center Web Console and Cloud Console, as well as the hardware and software requirements of the mobile apps.

Hardware and software requirements for the administrator's computer

To install the Kaspersky Security for Mobile (Devices) plug-in and the Kaspersky Security for Mobile (Policies) plug-in, the administrator's computer must meet the hardware requirements of Kaspersky Security Center. For more information about the hardware and software requirements of Kaspersky Security Center:

• If you use Kaspersky Security Center Web Console, please refer to Kaspersky Security Center Help.
• If you use Kaspersky Security Center Cloud Console, please refer to Kaspersky Security Center Cloud Console Help.

To use the Kaspersky Security for Mobile (Devices) plug-in and the Kaspersky Security for Mobile (Policies) plug-in in Kaspersky Security Center Web Console, Kaspersky Security Center Web Console must be installed on the administrator's computer.

To use the Kaspersky Security for Mobile (Devices) plug-in and the Kaspersky Security for Mobile (Policies) plug-in in Kaspersky Security Center Cloud Console, you must create an account in Kaspersky Security Center Cloud Console. For more information about creating an account, please refer to Kaspersky Security Center Cloud Console Help.

The Kaspersky Endpoint Security for Android app can function within the following third-party EMM systems:

• VMware AirWatch 9.3 or later
• MobileIron 10.0 or later
• IBM MaaS360 10.68 or later
• Microsoft Intune 1908 or later
• SOTI MobiControl 14.1.4 (1693) or later

Hardware and software requirements for the user's mobile device to support installation of the Kaspersky Endpoint Security for Android app

The Kaspersky Endpoint Security for Android app has the following hardware and software requirements:

• Smartphone or tablet with a screen resolution of 320x480 pixels or higher
• 65 MB of free disk space in the main memory of the device
• Android 5.0–13 (including Android 12L, excluding Go Edition)
• x86, x86-64, Arm5, Arm6, Arm7, or Arm8 processor architecture

The app can be installed only to the main memory of the device.

Hardware and software requirements for the user's mobile device to support installation of the Kaspersky Security for iOS app

The Kaspersky Security for iOS app has the following hardware requirements:

• iPhone 6S or later
• iPad Air 2 or later

The Kaspersky Security for iOS app has the following software requirements:

• iOS 14.1 or later
• iPadOS 14.1 or later

The Kaspersky Security for iOS app can't operate properly when a VPN client with an active VPN connection is running on the same mobile device.

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Known issues and considerations

Kaspersky Endpoint Security for Android and Kaspersky Security for iOS have several known issues that are non-critical for the operation of these apps.

Known issues of Kaspersky Security for iOS

• The Kaspersky Security for iOS app can't operate properly when a VPN client with an active VPN connection is running on the same mobile device.

Known issues of Kaspersky Endpoint Security for Android

Known issues when installing apps

• Kaspersky Endpoint Security for Android is installed only in the main memory of the device.
• On devices running Android 7.0, an error may occur during attempts to disable administrator rights for Kaspersky Endpoint Security for Android in device settings if Kaspersky Endpoint Security for Android is prohibited from overlaying on other windows. This issue is caused by a well-known defect in Android 7.
• Kaspersky Endpoint Security for Android on devices running Android 7.0 or later does not support multi-window mode.
• Kaspersky Endpoint Security for Android does not work on Chromebook devices running the Chrome operating system.
• Kaspersky Endpoint Security for Android does not work on devices running Android (Go edition) operating systems.
• When using the Kaspersky Endpoint Security for Android app with third-party EMM systems (for example, VMWare AirWatch), only the Anti-Virus and Web Protection components are available. The administrator can configure the settings of Anti-Virus and Web Protection in the EMM system console. In this case, notifications about app operation are available only in the interface of the Kaspersky Endpoint Security for Android app (Reports).

Known issues when upgrading the app version

• You can upgrade Kaspersky Endpoint Security for Android only to a more recent version of the app. Kaspersky Endpoint Security for Android cannot be downgraded to an older version.

Known issues in Anti-Virus operation

• Due to technical limitations, Kaspersky Endpoint Security for Android cannot scan files with a size of 2 GB or more. During a scan, the app skips such files without notifying you that such files were skipped.
• For additional analysis of a device for new threats whose information has not yet been added to anti-virus databases, you must enable the use of Kaspersky Security Network. Kaspersky Security Network (KSN) is an infrastructure of cloud services providing access to Kaspersky online knowledge base with information about the reputation of files, web resources, and software. To use KSN, the mobile device must be connected to the internet.
• In some cases, updating anti-virus databases from the Administration Server on a mobile device may fail. In this case, run the anti-virus database update task on the Administration Server.
• On some devices, Kaspersky Endpoint Security for Android does not detect devices connected over USB OTG. It is not possible to run a virus scan on such devices.
• On devices running Android 11 or later, the Kaspersky Endpoint Security for Android app can't scan the "Android/data" and "Android/obb" folders and detect malware in them due to technical limitations.
• On devices running Android 11 or later, the user must grant the "Allow access to manage all files" permission.
• On devices running Android 7.0 or later, the configuration window for the virus scan run schedule might be incorrectly displayed (management elements are not shown). This issue is caused by a well-known defect in Android 7.
• On devices running Android 7.0, real-time protection in the extended mode does not detect threats in files that are stored on an external SD card.
• On devices running Android 6.0, Kaspersky Endpoint Security for Android does not detect the downloading of a malicious file to the device memory. A malicious file may be detected by Anti-Virus when the file is run, or during a virus scan of the device. This issue is caused by a well-known defect in Android 6.0. To ensure device security, it is recommended to configure scheduled virus scans.

Known issues in Web Protection operation

• Web Protection on Android devices works only in the Google Chrome browser (including the Custom Tabs feature), Huawei Browser, and Samsung Internet Browser.

• For Web Protection to work, you must enable the use of Kaspersky Security Network. Web Protection blocks websites based on the KSN data on the reputation and category of websites.
• Forbidden websites may remain unblocked by Web Protection on devices running Android 6.0 with Google Chrome version 51 (or any earlier version) installed if the website is opened in the following ways (this issue is caused by a well-known defect in Google Chrome):
  • From search results.
  • From the bookmarks list.
  • From search history.
  • Using the web address autocomplete function.
  • Opening the website in a new tab in Google Chrome.
• Forbidden websites may remain unblocked in Google Chrome version 50 (or any earlier version) if the website is opened from Google search results while the Merge Tabs and Apps feature is enabled in the browser settings. This issue is caused by a well-known defect in Google Chrome.
• Websites from blocked categories may remain unblocked in Google Chrome if the user opens them from third-party apps, for example, from an IM client app. This issue is related to how the Accessibility service works with the Chrome Custom Tabs feature.
• Forbidden websites may remain unblocked in Samsung Internet Browser if the user opens them in background mode from the context menu or from third-party apps, for example, from an IM client app.
• Kaspersky Endpoint Security for Android must be set as an Accessibility feature to ensure proper functioning of Web Protection.
• On some Xiaomi devices, the "Display pop-up window" and "Display pop-up windows while running in the background" permissions should be granted for Web Protection to work.
• Allowed websites may be blocked in Samsung Internet Browser in the Only listed websites are allowed Web Protection mode when the page is refreshed. Websites are blocked if a regular expression contains advanced settings (for example, ^https?://example.com/pictures/). It is recommended to use regular expressions without additional settings (for example, ^https?://example.com).
• If Web Protection is set to All websites are blocked, Kaspersky Endpoint Security for Android does not block search in the Google Search widget. Instead, it blocks user access to the search results.
• In a work profile, if Web Protection is set to All websites are blocked, Kaspersky Endpoint Security for Android endlessly reloads the Google Chrome home page, blocks the browser, and interferes with the device.

Known issues in Anti-Theft operation

• For timely delivery of commands to Android devices, the app uses the Firebase Cloud Messaging (FCM) service. If FCM is not configured, commands will be delivered to the device only during synchronization with Kaspersky Security Center according to the schedule defined in the policy, for example, every 24 hours.
• To lock a device, Kaspersky Endpoint Security for Android must be set as the device administrator.
• To lock devices running Android 7.0 or later, Kaspersky Endpoint Security for Android must be set as an Accessibility feature.
• On some devices, Anti-Theft commands may fail to execute if Battery Saver mode is enabled on the device. This defect has been confirmed on Alcatel 5080X.
• To locate devices running Android 10.0 or later, the user must grant the "All the time" permission to device location.

Known issues in App Control operation

• Kaspersky Endpoint Security for Android must be set as an Accessibility feature to ensure proper functioning of App Control. This does not apply to device owner mode.
• For App Control (app categories) to work, you must enable the use of Kaspersky Security Network. App Control determines the category of an app based on data that is available in KSN. To use KSN, the mobile device must be connected to the internet. For App Control, you can add individual apps to the lists of blocked and allowed apps. In this case, KSN is not required.
• When configuring App Control, it is recommended to clear the Block system apps check box. Blocking system apps may lead to problems in device operation.

Known issues when configuring device unlock password strength

• On devices running Android 10.0 or later, Kaspersky Endpoint Security resolves the password strength requirements into one of the system values: medium or high.

  If the password length required is 1 to 4 symbols, then the app prompts the user to set a medium-strength password. It must be either numeric (PIN), with no repeating or ordered (e.g. 1234) sequences; or alphanumeric. The PIN or password must be at least 4 characters long.

  If the password length required is 5 or more symbols, then the app prompts the user to set a high-strength password. It must be either numeric (PIN), with no repeating or ordered sequences; or alphanumeric (password). The PIN must be at least 8 digits long; the password must be at least 6 characters long.

• On devices running Android 7.1.1, if the unlock password does not meet the corporate security requirements (Compliance Control), the Settings system app may function improperly when an attempt is made to change the unlock password through Kaspersky Endpoint Security for Android. The issue is caused by a well-known defect in Android 7.1.1. In this case, to change the unlock password, use the Settings system app only.
• On some devices running Android 6.0 or later, an error may occur when screen unlock password is entered, if device data is encrypted. This issue is related to specific features of the Accessibility service with MIUI firmware.

Known issues with App removal protection

• Kaspersky Endpoint Security for Android must be set as the device administrator.
• To protect the app from removal on devices running Android 7.0 or later, Kaspersky Endpoint Security for Android must be set as an Accessibility feature.
• On some Xiaomi and Huawei devices, Kaspersky Endpoint Security for Android removal protection does not work. This issue is caused by the specific features of MIUI 7 and 8 firmware on Xiaomi and EMUI firmware on Huawei.

Known issues when configuring device restrictions

• On devices running Android 10.0 or later, prohibiting the use of Wi-Fi networks is not supported.
• On devices running Android 10.0 or later, the use of the camera cannot be completely prohibited.
• On devices running Android 11 or later, Kaspersky Endpoint Security for Android must be set as an Accessibility feature. Kaspersky Endpoint Security for Android prompts the user to set the app as an Accessibility feature through the Initial Configuration Wizard. The user can skip this step or disable this service in the device settings at a later time. If this is the case, you will not be able to restrict use of the camera.

Known issues when sending commands to mobile devices

• On devices running Android 12 or later, if the user granted the "Use approximate location" permission, the Kaspersky Endpoint Security for Android app first tries to get the precise device location. If this is not successful, the approximate device location is returned only if it was received not more than 30 minutes earlier. Otherwise, the Locate device command fails.

Known issues with specific devices

• On certain devices (for example, Huawei, Meizu, and Xiaomi), you must grant Kaspersky Endpoint Security for Android an autostart permission or manually add it to the list of apps that are started when the operating system starts. If the app is not added to the list, Kaspersky Endpoint Security for Android stops performing all of its functions after the mobile device is restarted. In addition, if the device has been locked, you cannot use a command to unlock the device. You can unlock the device only by using a one-time unlock code.
• On certain devices (for example, Meizu and Asus) running Android 6.0 or later, after encrypting data and restarting the Android device, you must enter a numeric password to unlock the device. If the user uses a graphic password to unlock the device, you must convert the graphic password to a numeric password. For more details about converting a graphic password into a numeric password, please refer to the Technical Support website of the mobile device manufacturer. This issue is related to the operation of the Accessibility Features service.
• On some Huawei devices running Android 5.Х, after Kaspersky Endpoint Security for Android is set as an Accessibility feature, an incorrect message about the lack of appropriate rights may be displayed. To hide this message, enable the app as a protected app in the device settings.
• On some Huawei devices running Android 5.X or 6.X, when Battery Saver mode is enabled for Kaspersky Endpoint Security for Android, the user can manually terminate the app. The user device becomes unprotected after that. This issue is due to some features of Huawei software. To restore the device protection, run Kaspersky Endpoint Security for Android manually. It is recommended to disable Battery Saver mode for Kaspersky Endpoint Security for Android in the device settings.
• On Huawei devices with EMUI firmware running Android 7.0, the user can hide the notification regarding the protection status of Kaspersky Endpoint Security for Android. This issue is due to some features of Huawei software.
• On some Xiaomi devices, when setting the password length to more than 5 characters in a policy, the user will be prompted to change the screen unlock password instead of the PIN code. You cannot set a PIN code that has more than 5 characters. This issue is due to some features of Xiaomi software.
• On Xiaomi devices with MIUI firmware running Android 6.0, the Kaspersky Endpoint Security for Android icon may be hidden in the status bar. This issue is due to some features of Xiaomi software. It is recommended to allow the display of notification icons in Notifications settings.
• On some Nexus devices running Android 6.0.1, the privileges required for proper operation cannot be granted through the Quick Start Wizard of Kaspersky Endpoint Security for Android. This issue is caused by a well-known defect in Security Patch for Android by Google. To ensure proper operation, the required privileges must be manually granted in the device settings.
• On certain Samsung devices running Android 7.0 or later, when the user attempts to configure unsupported methods for unlocking the device (for example, a graphical password), the device may be locked if the following conditions are met: Kaspersky Endpoint Security for Android removal protection is enabled and screen unlock password strength requirements are set. To unlock the device, you must send a special command to the device.
• On certain Samsung devices, it is impossible to block the use of fingerprints for unlocking the screen.
• Web Protection cannot be enabled on some Samsung devices, if the device is connected to a 3G/4G network, has Battery Saver mode enabled and restricts background data. It is recommended to disable the function that restricts background processes in Battery Saver settings.
• On certain Samsung devices, if the unlock password does not comply with corporate security requirements, Kaspersky Endpoint Security for Android does not block the use of fingerprints for unlocking the screen.
• On some Honor and Huawei devices, you cannot restrict the use of Bluetooth. When Kaspersky Endpoint Security for Android attempts to restrict the use of Bluetooth, the operating system shows a notification containing the options to reject or allow this restriction. The user can reject this restriction and continue to use Bluetooth.
• On Blackview devices, the user can clear the memory for the Kaspersky Endpoint Security for Android app. As a result, the device protection and management are disabled, all defined settings become ineffective, and the Kaspersky Endpoint Security for Android app is removed from the Accessibility features. This is because this vendor's devices provide the customized Recent screens app with elevated privileges. This app can override Kaspersky Endpoint Security for Android settings and cannot be replaced because it is part of the Android operating system.
• On some Google Pixel devices running Android 11 or earlier, the Kaspersky Endpoint Security for Android app crashes immediately after the start. This is caused by an issue in Android.
• On Samsung Galaxy S23 and S24 series devices Real-Time Protection may not work.

Known issues in app operation on Android 13

• On Android 13, the user can use the Foreground Services Task Manager to stop Kaspersky Endpoint Security from running in the background. This is caused by a well-known issue in Android 13.
• On Android 13, the permission to send notifications is requested when the initial app configuration begins. This is due to specifics of the Android 13 operating system.