Certifications:

ISO/IEC 27001:2013

42Gears has been certified by the global Information Security Management System (ISMS) certification, ISO/IEC 27001. ISMS is a framework of procedures and policies that includes all technical, legal, and physical controls involved in a company’s information risk management process.

Download ISO 27001 Certificate

Benefits of ISO 27001:

• Compliance with commercial, contractual, and legal responsibilities
• Improving processes and strategies
• Preventing fines and loss of reputation
• Retaining customers and winning new businesses

Information Commissioner's Office

The Information Commissioner's Office is an independent authority to uphold information rights in the interest of the public and data privacy for individuals in the UK.
The Data Protection Regulations 2018 requires organisations who process Personal Information to register with Information Commissioner's Office

You may view 42Gears ICO registration here.

SOC 2 Type II Report

A SOC 2 Type II audit reports on controls at a service organization that are relevant to security, availability, processing integrity, confidentiality, and privacy. Conducted by an independent service auditor, this audit evaluates the design, implementation, and effectiveness of the controls 42Gears has put in place for its products SureMDM, SureLock, SureFox, SureVideo, and AstroContacts.

During the audit period, tests of controls were performed on controls as they existed and were applied to those controls relating to in-scope trust services criteria. The audit covered all the controls pertaining to the confidentiality, integrity, and availability of 42Gears. The report inspires trust and confidence in the company by showing that it is committed to the security of customer data.

A copy of the 42Gears SOC 2 Type II report is available under NDA. To get yours, please send a mail to sales@42gears.com.

Cyber Essentials

Cyber Essentials is a UK Government backed and industry supported scheme which provides a clear statement of basic controls that organizations should have in place to mitigate the risk from a wide range of Cyber threats. This certification assures customers that 42Gears has an understanding of the cyber security level and work towards securing the IT against cyber attack.

You may download our current certification here.

PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a collection of security standards made to protect credit and debit cardholder data against theft and fraud. It is governed by the Payment Card Industry Security Standards Council (PCI SSC). PCI certification helps businesses build trustworthy and long-lasting relationships with their customers by safeguarding sensitive data and information. 

PCI DSS certification is important for businesses that process credit or debit card transactions. 

The PCI Standard defines the security requirements that merchants and service providers must follow to protect cardholder data. The standard requirements are a collection of people, processes, and technical requirements covering the protection of cardholder data processing, storage, transmission, and the security aspects of associated infrastructure, network, system components, applications, SIEM, vulnerability, and penetration testing.

There are 12 different requirements under the PCI DSS to secure cardholder data. The requirement description is mentioned here.

42Gears is now PCI DSS compliant.

42Gears’ UEM deployment has been validated against all the PCI DSS requirements, and this demonstrates the company’s complete compliance with the PCI DSS. 

During the assessment, the PCI QSA (qualified security assessor) verified all the applicable requirements for 42Gears’ in-scope applications, such as the SureMDM web application, SureMDM Agent, SureLock, Enterprise Agent, and SureDefense mobile applications. 

42Gears has implemented all 12 requirements applicable to PCI DSS and is committed to maintaining the security and confidentiality of payment card information. 

A copy of the 42Gears PCI DSS AOC is available under NDA. To get yours, please send an email to sales@42gears.com.

General Data Protection Regulation (GDPR)

The European Union (EU) General Data Protection Regulation (GDPR), enforceable as of May 25, 2018, imposes additional requirements upon companies to enhance the protection of personal data of EU residents. 42Gears Mobility Systems has a dedicated, core-functional team overseeing 42Gears' GDPR readiness. 42Gears has policies and procedures in place to demonstrate GDPR compliance and our sub-processors. We discuss our efforts and commitment to GDPR here.

California Consumer Privacy Act (CCPA)

If You are a California resident, You are entitled to certain rights with respect to personal information that We collect about You. Learn more about these rights and how to exercise them in our California Privacy Notice.

Questions regarding our privacy may addressed at privacyinfo@42gears.com for any of their requests.

The Consensus Assessments Initiative Questionnaire (CAIQ) is a series of comprehensive questions designed by Cloud Security Alliance (CSA) to provide an insight to cloud service consumers to assess the security, privacy ,and compliance processes of a cloud service provider.

42Gears team has compiled detailed responses to over 200 items in the assessment for our SureMDM Product, as per the respective domains and successfully completed Self Assessment for the cloud services.

Download the CSA STAR Self-Assessment from CSA STAR Registry for 42Gears Mobility Systems Pvt Ltd.

We capture and store the following information through our products to help our customers meet their device management objectives.

SureMDM

• • Device Details- SureMDM collects Android_ID, device make, model, OS and OS version, timezone, IP address, MAC address, mobile carrier information, etc. This information is collected to identify duplicate enrollments and filter out apps that are not compatible with the Enterprise Store.
  • Battery Status and Data Usage- This information is collected so that IT admins can view Charging Status in the Device Info panel and Data Usage on the Dashboard. Admins can check such details and act on them if the figures go below or above defined thresholds (there is an option for IT admins to get notified if values cross set thresholds).
  • Information Collected for Company Owned Mobile Devices- SureMDM stores inventory information for each of the mobile devices managed. The following information is collected  for each company owned mobile device:
    1. Hardware information, including UDID, SIM serial number, IMEI, IMEI2, MAC address, model, brand, storage information, phone number, address, Bluetooth MAC address, contact name, device local IP address, location (longitude and latitude), etc.
       The main purpose of capturing location details is to ensure that IT admins can track business devices (so it is not misused and corporate data is not leaked, in case the device is lost or stolen). Details like Bluetooth MAC Address, SIM Serial Number, etc. are  mainly captured for inventory management.
    2. Operating system information like version, build number, security patch date, etc. is captured so that IT admins can keep a track and push new updates, if available.
    3. Installed apps
    4. Installed configuration profiles
    5. Information can also be collected using mobile device extension attributes, which are custom fields through which almost any type of data can be collected from company owned devices.

Note: All this data is collected mainly for asset tracking and inventory management. As these details are collected via SIM cards, any attempt to tamper or swap SIM cards can be detected and IT admins can get notified immediately about any non-compliant action. For more info please refer to the 42Gears Privacy Page.

• • Information Collected from Personally-Owned Mobile Devices- SureMDM stores limited details of personally owned mobile devices. The following information can be viewed for each personally-owned mobile device:
    1. Hardware information including UDID, serial number, MAC address, model, IMEI, IMSI,brand, storage information,phone number, address, Bluetooth MAC address, contact name, device local IP address, location (longitude and latitude), etc.
       The main purpose of capturing location details is to ensure that IT admins can track business devices (so it is not misused and corporate data is not leaked, in case the device is lost or stolen). Details like Bluetooth MAC Address, SIM Serial Number, etc. are mainly captured for inventory management.
    2. Operating system information like version, build number, security patch date, etc. is captured so that IT admins can keep a track and push new updates, if available.
    3. Managed apps installed by SureMDM
    4. Configuration profiles installed by SureMDM
    5. Mobile device extension attributes do not apply to personally-owned mobile devices.

This information is collected mainly for asset tracking and inventory management. As data is collected via SIM cards, any attempt to tamper or swap SIM cards can be detected and IT admins can get notified of any non-compliant action. For more info please refer to the 42Gears Privacy Page.

Data collected in MDM: https://www.42gears.com/data-collected-in-mdm/

SureLock

The following information is collected for Android devices:

• Hardware information, including device model, IP address, IMEI, IMEI2, WiFi Mac, Bluetooth Mac, Android ID, Serial Number, and device OS- These details are captured for the purpose of device activation and enabling kiosk lockdown.

The following information is collected for Windows devices:

• Hardware information, including device model, IP address, WiFi Mac, device OS-These details are captured for the purpose of device activation and enabling SureLock.

SureFox

The following information is collected for Android devices:

• Hardware information, including device model, IP address, IMEI, WiFi Mac, Bluetooth Mac, device OS- These details are captured for the purpose of device activation and enabling kiosk lockdown.

SureVideo

The following information is collected for Android devices:

• Hardware information, including device model, IP address, IMEI, WiFi Mac, Bluetooth Mac, device OS- These details are captured for the purpose of device activation and enabling kiosk lockdown.

The following information is collected for Windows devices:

• Hardware information, including device model, IP address, IMEI, WiFi Mac, Bluetooth Mac, device OS- These details are captured for the purpose of device activation and enabling kiosk lockdown.

The following information is collected for iOS devices:

• Hardware information, including device model, IP address, IMEI, WiFi Mac, Bluetooth Mac, device OS- This information is captured for the purpose of activation.

AstroContacts

The following information is collected:

Operating system, device model and serial number

AstroFarm

The following information is collected:

• Details From Phone- Device Platform, Model Name, Device serial number, OS details, Phone details like IMEI, IMSI, ICCID, Network, Phonenumber, Manufacturer name, CPU Details, Battery Details, Browsers available on the device, Display details, Network details.
• Details of a User- Name, Email address.

Upon termination or expiration of the Agreement, 42Gears shall (at Customer's option) delete or return to Customer all Customer Data (including copies) in its possession or control, except that this requirement shall not apply to the extent is required by applicable law to retain some or all of the Customer Data, or to Customer Data it has archived on back-up systems, which 42Gears shall securely isolate, protect from any further processing and eventually delete in accordance with 42Gears deletion policies, except to the extent required by applicable law.

SureMDM

Android

Following is the list of important permissions SureMDM Nix needs in order to function properly:

• Device Admin- SureMDM Nix asks for Device Admin permission to  tighten security and apply security policies in the future. It is recommended to make Nix the Device Admin so that in future new security policies can be applied seamlessly. For EMM devices, Device Owner permission is mandatory.
• Usage Access- This is mainly used to calculate Mobile Data consumption. It keeps a track of data consumption and helps ensure that data connectivity is not misused at any point of time. In case of App Usage, this permission helps to know which application is currently running. This allows IT admins to determine whether the app that is in use is whitelisted or not.
• Ignore Battery Optimization- The main purpose of this is to keep SureMDM Nix running in the foreground so that it does not go offline even when an app is idle for a certain length of time (if SureMDM Nix goes offline, it will make the device go offline and the IT admin will not be able to perform any action).
• Allow Screen Capture- The main purpose of this is to enable  remote management of devices so that IT admins can keep a track of the activities being performed by users on their devices.
• Configure System Permissions- This is required to provide end users with an option to modify settings like system brightness, time zone, font size, etc. based on their requirements.
• Configure Unknown Sources- Once this is enabled, SureMDM Nix allows third-party apps to be installed on the device. This permission seeks to capture user consent for the same.
• Display over other apps- This permission is mandatory for Android 10 devices. It is required to ensure that the notifications for messages or jobs pushed by the IT admin display on top of the app that’s already running on the device.
• Runtime permissions- SureMDM needs the user’s permission to access the Camera, Call Logs, SMS Logs, Contacts, Location, Storage for some functionalities to work. The main purpose of this is to collect data for inventory management and accessing SIM card information so that the IT admin can get notified in case a device is being misused by the user (the camera can be used to take pictures of any suspicious action being performed by the user so that any security concerns can be addressed).

iOS

• Notifications- To receive push notifications and inform the user that jobs/profiles have been successfully applied
• VPN- For network fencing
• Camera- To scan the QR code in order to enroll in a device on the SureMDM console
• Location Access- For geo fencing

macOS

• Location Access- For location tracking
• Accessibility- To allow touch events during remote support sessions
• Files and Folders- To access files during remote support
• Screen recording- For remote support

SureLock

Android

Following is the list of important permissions SureLock needs in order to function properly:

• Set SureLock as Default Launcher- The main purpose of this is to set SureLock as a default launcher.
• Configure Runtime Permissions- Following are the different permissions needed:
  1. Storage- This is required to Write or Read Settings from external storage.
  2. Telephone- This is required to read the IMEI number for activation.
  3. Contacts- This is required for phone settings to block or whitelist phone calls.
  4. SMS- This is required for receiving SMS commands, such as change password.
  5. Camera- This is required to import settings from the QR code.
  6. Location- This is required for driver safety settings.
• Activate Device Admin- This is needed for improve security and to apply security policies in the future. It is recommended to make SureLock the Device Admin so that in future new security policies can be applied seamlessly.
• Enable Samsung KNOX- This permission is specially for Samsung devices. It is required to enable advanced lockdown features like disable power off button, volume button, etc.
• Enable Usage Access- This permission is required to enable the Kiosk mode.
• Configure System Permissions- The main purpose of this is to provide end users with an option to modify settings like system brightness, etc. based on their requirements.
• Enable Notification Access- This permission is required to block notifications and to display badges on apps.
• Enable Display Over Other Apps- This permission is required to enable the power saving settings.
• Enable SureKeyboard Service- The main purpose of this is to provide flexibility to the end users to use SureKeyboard instead of the system keyboard.
• Disable USB Debugging- This permission is intended to disable developer options.
• Disable Automatic Update From Play Store- This setting can be used to disable updates automatically from the Play Store.

SureFox/SureFox Lite

Android

Following is the list of important permissions SureFox needs in order to function properly:

• Configure Runtime Permissions- Following are the different permissions needed:
  1. Storage- This is required to Write or Read Settings from external storage.
  2. Telephone- This is required to read the IMEI number for activation.
  3. Contacts- This is required for disabling automatic updates from the Play Store.
  4. Microphone - This is required for allowing microphone access for allowed websites. SureFox will not have access to the audio allowed nor will it record/collect any audio for its own use.
  5. Camera- This is required to import settings from the QR code.
  6. Location- This is required for allowing location access for allowed websites.
• Activate Device Admin- This is required to improve security and to apply security policies in the future. It is recommended to make SureFox the Device Admin so that in future new security policies can be applied seamlessly. This permission is mandatory for those using Samsung KNOX features.
• Enable Samsung KNOX- This permission is specially required for Samsung devices for enabling advanced lockdown features like disable power off button, volume button, etc.
• Enable Usage Access- This permission is required to enable the Kiosk mode.
• Enable Display Over Other Apps- This permission is required to enable the power saving settings.
• Configure System Permissions- The main purpose of this is to provide end users with an option to modify settings, like screensaver, based on their requirements.

iOS

• Photo Library- To access pictures from Photos
• Photo Library Additions- To save pictures in Photos
• Camera- To scan QR codes
• Location Access- To show location-wise web search data to users in the browser
• Motion- To know the device orientation (landscape/portrait) and measure the speed of the device movement
• Microphone- To use the microphone
• Media Library- To access media files

SureVideo

Android

Following is the list of important permissions SureVideo needs in order to function properly:

• Configure Runtime Permissions- Following are the different permissions needed:
  1. Storage- This is required to access photos, media, and files on your device.
  2. Telephone- This is required to read the IMEI number for activation.
  3. Camera- This is required to import settings from the QR code.
  4. Location- This is required to get the available networks in the Wi-Fi Center plugin.
• Enable Usage Access- This permission is required to enable the Kiosk mode.
• Enable Display Over Other Apps- This permission is required to enable the power saving settings.
• Configure System Permissions- The main purpose of permission is to provide end users with an option to modify settings, like screensaver settings, based on their requirements.

AstroContacts

Following is the list of important permissions AstroContacts needs in order to function properly:

• Contacts- AstroContacts requires these permissions to access the contacts to sync contacts detail from AstroContacts to the local phone book. It's only one way from AstroContacts to the phone book, the AstroContacts application installed on the device never reports any contacts to the server.
• Camera- AstroContacts needs this permission to allow the user to change the profile picture and scan a QR code to enroll.
• Photos- AstroContacts requires this permission to add the photo to the photo library and later use it as a profile picture.

AstroFarm

Following is the list of important permissions AstroFarm needs in order to function properly:

Normal level Permission

• DISABLE_KEYGUARD: It is used for locking and Unlocking the Devices
• WAKE_LOCK: It is used to open the lock
• INTERNET : It is used for internet connectivity
• ACCESS_NETWORK_STATE: This is used to get connection status such as connected-- disconnected or roaming
• CHANGE_WIFI_STATE: This allows applications to change Wi-Fi connectivity state.
• ACCESS_WIFI_STATE: This allows applications to access information about Wi-Fi networks.
• DUMP:  It allows an application to retrieve state dump information from system services.
• BLUETOOTH: It is used to get bluetooth state
  
• BLUETOOTH_ADMIN: It is used to get bluetooth details and state change
• FOREGROUND_SERVICE From android API 28 – It is used to show notification of applications as running in background
• MANAGE_ACCOUNTS : It helps to manage the profile such as to add and delete accounts

Dangerous level permissions --- Runtime Permission

• READ_PHONE_STATE  :  It allows read only access to phone state, including the current cellular network information, the status of any ongoing calls and a list of any Phone Accounts registered on the device.
  
• GET_ACCOUNTS : It allows access to the list of accounts in the Accounts Service. (In device ex: google, dropbox etc.)
• WRITE_EXTERNAL_STORAGE  : It allows an application to write to an external storage.

CamLock

Following is the list of important permissions CamLock needs in order to function properly:

Android

• Configure Runtime Permissions: CamLock requires some runtime permissions like Storage permission to write log files to external storage, Location permission to access the location and restrict the use of the camera application on a configured Geo-Fence area and Camera permission to scan QR codes.
• Enable Background Location: CamLock requires this permission to access the location and restrict the use of camera application in a configured Geo-Fence area, even when the app is running in the background or when the app is not actively being used.
• Enable Accessibility Settings: CamLock requires this permission to prevent users from uninstalling the CamLock agent configured on their device.
• Enable Display Over Other Apps: CamLock requires this permission to display a lock screen over the camera when a user tries to access the application blocked by the admin.
• Enable Notification Access: CamLock requires this permission to read the notifications and prevent the usage of video calling services on the applications blocked by the admin.
• Disable Multi-Users: CamLock requires this permission to block the users from creating multiple users on the device.
• Schedule Exact Alarm: CamLock requires this permission in Time Fence to trigger the properties at the specific time.
• Enable Location Service: CamLock requires this permission to access the location of the device for the Geo-Fence feature.

Device/OEM Specific Permissions (Xiaomi devices)

• Enable Display Pop-up Window:  CamLock requires this permission to launch warning pop-ups required to block the video calling application.
• Disable Second Space: CamLock requires this permission to ensure that the users do not install camera applications in the secondary space on the device. 
• Enable Lock Apps: CamLock requires this permission to prevent the app from getting stopped while clearing the recent apps. 

iOS

• Notification Permission : CamLock requires this permission to receive push notifications on the device which are used for opening the application in the background and handling kill application flow. 
• Screen Time Permission : CamLock requires this permission to block or unblock the camera and to prevent uninstallation of applications. 
• Camera Permission: CamLock requires this permission to scan the QR codes.

42Gears’ system administration team routinely performs security assessments of all live systems. We use third-party auditing tools at regular intervals to ensure that system security is not compromised. 42Gears hardens the systems using the CIS Critical Security Controls (CIS Controls) benchmarks and regularly conducts security assessments of all active systems; we use third-party auditing tools at regular intervals to ensure that system security is not compromised.

Proactive security procedures, such as intrusion-detection systems and intrusion prevention systems, Security Command Centre that allows us to monitor our systems and identify any potential security threats in real-time. Security Hub allows us to automate security checks and compliance validation and provides us with actionable insights and recommendations to enhance our security measures.

Security measures like parameter defense are implemented by AWS/GCP cloud service providers.

Extensive monitoring and logging are in place and so are processes for detecting, reporting, and responding to any incidents.

42Gears encrypts all customer data in transit and at rest using industry standards and best practices. The Advanced Encryption Standard (AES) algorithm with a key size of 256 bits is used for data at rest. TLS 1.2 protects data in transit, helping to secure network traffic.

42Gears employs redundancy at every layer possible in our infrastructure, and our platform is designed to accommodate operating failures to ensure availability.

Data Center Security

42Gears uses Amazon Web Services (AWS), Google Cloud Platform (GCP) and MongoDB Atlas for hosting the services. These data centres are equipped with many security features, such as security feeds, fencing, security guards, and intrusion detection technology.

Physical and Logical Access Control

In addition to data center security from AWS, GCP and MongoDB Atlas, 42Gears follows standard and strict procedures to secure customer data. We have a dedicated system administration team that takes care of system security. Our servers are administered over a secured network. SSH/RDP is supported by authenticated (2FA) and encrypted remote log-in access by select and authorized 42Gears staff only. Strict firewall policies and audit logs ensure very tight access control.

Server Security

42Gears’ system administration team routinely performs security assessments of all live systems. We make use of third-party auditing tools from time to time to ensure that the system security is not compromised.

Secure Client Installation on Mobile Devices

Common app marketplaces, such as Windows Store, Apple App Store, and Google Play Store have their own security processes and models to ensure secure client installation on mobile devices. 42Gears follows the rules each store has set up for publishing SureMDM agent application, Nix.

Secure Client Communication

42Gears uses Secure Sockets Layer (SSL) to secure communication between endpoints and the MDM server. The endpoints include mobile devices based on platforms such as Android, iOS and Windows. 42Gears SureMDM communicates with iOS devices using the Apple Push Notification Service (APNs). SureMDM uses a certificate to communicate to the Apple MDM services, which the admin must download from the Apple Push Certificates Portal. For Android devices, 42Gears uses Google Cloud Messaging, and for Windows devices, 42Gears uses Windows Push Notification Services (WNS).

Identity and Authentication

1. Device Enrollment Authentication
   • 42Gears SureMDM can integrate with any OAuth endpoint for this authentication. This allows 42Gears to use identity services like ADFS, Azure AD, G Suite, Microsoft 365 for device enrollment.
2. Portal Login Authentication
   • By default, 42Gears SureMDM offers its own indigenous user management. But it can also integrate with any SAML2-based identity service to offer seamless Single Sign-On. Azure AD, Okta and OneLogin are few such identity services.
3. Two-Factor Authentication
   • SureMDM can protect admin accounts from password theft by enabling two-factor authentication for owners and co-account owners through Google Authenticator, email, and/or phone number. Once two-factor authentication is enabled, IT admins will be required to provide an additional form of identity proof while logging in, such as a time-sensitive one-time password (OTP).

Payment

1. Payment Gateways- We work with a few commercial payment gateways, such as PayPal, Stripe, Chargify and BlueSnap. Once customers select a payment gateway, they are transferred to systems that are controlled by these service providers for completing the payment. Such payment gateways render payment services as data controllers and comply with all necessary obligations required for processing data under applicable data protection laws and their respective Privacy Notices. We do not store or collect your payment card details in any manner whatsoever.
2. The payment processors we work with are-
   • Stripe- https://stripe.com/us/privacy
   • PayPal- https://www.paypal.com/en/webapps/mpp/ua/privacy-full
   • Plimu- https://home.bluesnap.com/privacy-policy/

UEM Privacy and Data Protection Overview

Application Security Certification

In order to provide secure and reliable products for our customers, we have established security and data protection as fundamental requirements of our products during their entire life cycles.

Security is a core part of our product development activity. During the development of a new product or feature, we conduct a comprehensive threat and risk analysis, and create a specific security requirement for the product/feature and its integration into a complete solution. During the design phase and before release, we ensure product security by comprehensive testing (vulnerability assessment and penetration tests) using OWASP security standards. All the security updates, patches or upgrades  undergo the same rigorous tests, and are only deployed once they are proven to be secure.

Furthermore, all our products are evaluated annually by third-party vendors to ensure product security by abiding various compliance requirements.

Our applications have undergone an external pen test by CyRAACS, one of the Top 10 Cyber Security companies in India.

Notice:

Disable Support for TLS 1.0 & 1.1

42Gears has upgraded its products to support the latest TLS (Transport Layer Security) versions >=1.2, which is considered the safest and most reliable. 42Gears has stopped supporting TLS 1.0 and TLS 1.1 from December 31, 2021. The major attacks that TLS 1.0 and 1.1 are vulnerable to are POODLE and BEAST.

Disclaimer - All 42Gears products support TLS 1.2 and above. Customers who have disabled TLS 1.0 and TLS 1.1 can opt for customer-specific dedicated or on-premise SureMDM deployment if required.

• Privacy Notice
• Terms of Use
• EULA
  • SureMDM On-Premise
  • SureMDM SaaS
  • SureLock
  • SureFox
  • SureVideo
  • AstroContacts
• Disclaimer
• Insurance: 42Gears has relevant insurance policies in place with reputable insurance providers including Commercial General Liability, Technology Errors and Omissions Liability, and Cyber Risk. Upon request and with an NDA in place, 42Gears will make available relevant insurance policies held, their scope, coverage, relevant exclusions and other applicable details.

Security Response Center

42Gears takes the security of its  systems and data privacy very seriously. We constantly strive to make our systems safe for our customers to use. However, in the rare case that a security researcher or member of the general public discovers a security vulnerability in our systems and responsibly shares the details with us, we appreciate their contribution and work closely with them to address any reported issue with urgency. Further, we are happy to acknowledge their contributions publicly in line with the provisions mentioned herein.

Process to report an issue

• E-mail your findings to security-incidents@42gears.com. Please share your contact information with your mobile number.
• Do provide enough information to reproduce the problem (at least the information mentioned in the table is required), so we can resolve it as quickly as possible.
  

  Title of the Vulnerability
  Technical Severity	CVSS Score
  Vulnerability Details	URL / Location of vulnerability (optional)
  Description:
  Attachments	screenshots, videos, exploit code, Burp requests/responses (attach it in the email)

• Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data.
• Do not disclose any vulnerabilities found on any public domain or disseminate your findings to any third party unless approved in writing by 42Gears to avoid the legal repercussions.
• Do not use attacks on physical security, social engineering, distributed denial of service, spam, etc.

Acknowledgements

We are not part of a cash/bug bounty program but are happy to issue a certificate of recognition with goodies to individuals who report valid security issues responsibly based on the T&C’s agreed then and help us make 42Gears systems more secure.

Confidentiality and Participation Agreement

What is End Of Life (EOL) for a Product/Version? What's the need to upgrade?

42Gears does not market, sell, deploy, or provide updates to  versions of products that have reached end of life (EOL).  Although the product works, old versions of software inherently have security vulnerabilities that attackers can exploit. Your best defense is to be on software that can receive updates and is free of known vulnerabilities. 

The following listings specify the dates and/or versions by which 42Gears capabilities have already or will, within the next few months, reach their end-of-life (refer to the individual EOL Date).

Product Versions

Item Removed or Discontinued: End of life SureMDM On-premise versions below 6.62.0

Description: Below mentioned SureMDM On-Premise versions will be reaching End of Life (EOL):
v6.07, v6.17, v6.23, v6.31, v6.37, v6.43, v6.49, v6.52 to v6.59

We strongly advise you to upgrade your On-premise build to the below mentioned versions as soon as possible:

1. Recommended SureMDM On-premise version: v6.62.0, Deployment Type: Windows Server
2. Recommended SureMDM On-premise version: v7.21.1, Deployment Type: Kubernetes

The above version includes a number of security updates and new features that will help you to improve your business.

EOL Date: December 20,  2023

Product Features

System Infrastructure