HP AppPulse Mobile Whitepaper: Privacy, Security, and Overhead Document Release Date: September 2014 (v1.0)
Introduction Introduction In mobile applications, user experience isn t everything; it s the only thing! With HP AppPulse Mobile, application owners, product managers and developers can measure what matters in user experience, focus on fixing problems that affect the most users, improve customer experience, and deliver 5-star apps! AppPulse Mobile monitors native applications installed by end-users on their devices, usually from the itunes or Google Play stores. This means that the application must be shipped with embedded AppPulse Mobile monitoring capabilities. AppPulse Mobile is a self-service SaaS solution. Implementation doesn t require any code changes, and it is tag-less - compiled code and libraries are added to the application automatically. Once the mobile app is installed on a mobile device and the user launches the app and interacts with it, AppPulse Mobile automatically identifies their actions, and reports statistics about their user experience to our SaaS backend. Adding AppPulse Mobile to an application does not change the way the application functions and responds to the user. This document describes how AppPulse Mobile affects application installation size and network consumption, and also explains how other aspects are not affected. The following diagram illustrates the AppPulse Mobile data flow: HP AppPulse Mobile (Public Beta) Page 2 of 7
Privacy Privacy HP AppPulse Mobile reports display statistical metrics aggregated from many users. We do not send any PII (personally identifiable information). All data sent from users' devices is filtered to remove any potentially private data, such as Social Security numbers (SSN), credit card numbers, and so on. We report only the actions and not the user input associated with them. We do not collect any information external to the application process on end-user devices. Example 1: If a user enters their credit card number in a credit card number field, the number itself is not reported to AppPulse Mobile, and is not displayed by AppPulse Mobile. We only report that a number was entered into the field. Example 2: If an application has a button which includes a credit card number and the user taps this button, the number itself is not reported to AppPulse Mobile. Instead, this is reported as Tap **** button in Credit card page. As part of the SDK configuration the operator can extend blocking control by specifying data they wish to block. For details, see the Setting up Android Apps and the Setting up ios Apps PDFs. Configuring Opt-in/Opt-out By default, data is automatically sent from mobile apps to HP AppPulse Mobile. We also have opt-in/opt-out capabilities, whereby you can enable the end-user to accept or reject monitoring on their device. For details, see the Setting up Android Apps and the Setting up ios Apps PDFs. HP AppPulse Mobile (Public Beta) Page 3 of 7
Overhead Overhead Network Consumption HP AppPulse Mobile s report rate depends on the rate in which real users interact with the application. For a typical application where a user taps on the screen approximately 6 times per minute, AppPulse Mobile s network consumption will be approximately 600 bytes per minute. AppPulse Mobile's reporting engine limits the reporting to no more than twice every minute, and no more than 60KB per minute. The rest of the data is ignored. When a crash occurs, a crash report is sent and its size is a maximum of 3KB. AppPulse Mobile reports data regardless of whether data connectivity is WIFI or cellular. Resource Utilization CPU Usage and Memory. We designed AppPulse Mobile to use a minimum amount of CPU and memory; for typical apps, this consumption will be insignificant relative to the application code itself. Storage Size. No data is stored by AppPulse Mobile locally. Battery Consumption. Battery consumption may be affected by network usage which we reduced to minimum; for details see "Network Consumption" above. Application Size Android. Adding AppPulse Mobile to an Android application causes it to increase in size by an additional 180-400 KB, depending on the application architecture. ios. The increase of ios application size depends on which architectures the app is using. When compiled for standard architectures (ARM64, ARMv7, ARMv7s), the increase in size is expected to be 500-700 KB. HP AppPulse Mobile (Public Beta) Page 4 of 7
Security Security All data from the mobile device is sent over an HTTPS (secured) channel. Each packet is signed by a signature which validates its correctness. All the data is stored using the highest security measures, as defined and verified by the HP security office. Permissions HP AppPulse Mobile does not add permissions to the application. On Android, AppPulse Mobile requires Network permission. Data Center Security AppPulse Mobile is hosted in HP SaaS, which is a secured cloud service. HP SaaS and its infrastructure are compliant with International Security Standard, ISO/IEC 27001:2013. HP SaaS undergoes annual ISO 27001 process certification (issued by IQNet, the world s largest network of leading certification bodies) of our data facilities by the Standards Institution of Israel (SII), including organization, processing facilities, customer data and privacy, technology and services, marketing, financial, and HR data. Only HP with a SaaS portfolio based on more than a decade of experience working with and delivering for the world s leading brands can credibly offer enterpriseclass levels of availability and security. The customer is responsible for managing user and group account administration for the HP SaaS application and making sure only valid, authorized users access the HP SaaS application. This includes the following tasks: permissions and privileges for users and groups, account naming schemes, password policies, and authentication procedures. Such users will access and use the system only for the purposes of using the application. The customer will prohibit use of any hacker tool such as port scanners, password crackers, and network sensors on the SaaS environment. Furthermore, the customer may not perform load tests. HP SaaS has implemented numerous physical security measures, firewalls and routers, access control lists, OS hardening, and other processes. Additional security measures include the following: Strong password policies Two-factor authentication for network devices HP AppPulse Mobile (Public Beta) Page 5 of 7
Supported Mobile Operating System Versions Controlled access to database or system passwords Each data center is equipped with physical protection such as video cameras on all access points and along the perimeter, key card access and ID cards, and visual identification by 24x7 security personnel. All visits must be prearranged, otherwise access is denied. Supported Mobile Operating System Versions Android. AppPulse Mobile supports Android from version 2.3 (Gingerbread). ios. AppPulse Mobile supports ios from version 5.x. Note: Beta OS versions are not officially supported. HP AppPulse Mobile (Public Beta) Page 6 of 7
Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice. Restricted Rights Legend Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Copyright Notice Copyright 2014 Hewlett-Packard Development Company, L.P. Trademark Notices Apple is a trademark of Apple Computer, Inc., registered in the U.S. and other countries. Google and Android are registered trademarks of Google Inc. HP AppPulse Mobile (Public Beta) Page 7 of 7