Data Center & Security Infrastructure
AirDroid uses Amazon Web Services to host our cloud infrastructure, products, and services, so that we're able to provide our customers and users with a secure network and computing environment. These protection and security measures include firewalls at the network, application and instance layers, data encryption, DDoS mitigation, and more. In addition, all servers storing sensitive data are located in Silicon Valley and Germany.
All AirDroid servers are placed in secure data centers compliant with ISO 27001. The data centers used by AirDroid have implemented first-class security control, which means that personal access control, camera monitoring, motion detectors, 24/7 all-day monitoring, and on-site security will ensure that only authorized personnel can enter the data center. The highest security standards are applied to hardware and data protection. The single entry point of the data center also has detailed identification check protocols. All of these measures work together to ensure the highest security standards for hardware and data protection.
Session Encryption & Authentication
When establishing a session, AirDroid will determine the best connection type. After the server completes the handshake, 80% of all connections will utilize the TLS tunnel (https or wss), while the rest connects via TCP or UDP.
AirDroid’s communication utilizes RSA public/private keys as well as AES (256-bit) session encryption that is similar to https/SSL, and is compliant with all current security standards.
Since the private key never leaves the client computer, this process ensures that the system, including the AirDroid routing server, cannot decrypt the data stream; therefore even AirDroid as the server owner, cannot read the encrypted data.
Web Applications Firewall
AirDroid uses a variety of tools to monitor potential attacks, including web applications and network-level firewalls. In addition, AirDroid also uses Distributed Denial of Service (DDoS) to prevent brute force attacks in order to help protect your site and access to AirDroid products.
Data Security
AirDroid values each of our user’s data security, including the security of database management and data storage.
Database Security & Management
Regarding database security and management, our developers and system administrators continuously follow the following database and security measures outline:
1. Set restriction policies to allow only authorized system administrators and agents to access our servers.
2. Set a strict security access authority strategy, coupled with security audit functionality to record server-related events in real time.
3. Reinforce identity protection with 2FA (two-factor authentication).
4. Our firewall only allows ports 80 (HTTP) and 443 (HTTPS), also with bandwidth limits for download and upload. All of the visits are recorded and monitored.
5. TLS encryption is used for all communications between servers and databases.
Data Store Security
Regarding the security of data storage, AirDroid can achieve the following specifications:
1. Password policy: The passwords aren't stored in plain text and are encrypted using one-way hashing. We also recommend our users to follow different levels of password security: low, medium, and high, as well as specifying your own custom password rules.
2. Login security: We protect user logins from brute force attempts by putting a cap on bandwidth for each session.
3. Logging: Passwords and sensitive data will be excluded from our system logs.
4. Analytics: Our analysis tools have IP anonymization implemented to protect user privacy.
5. Backups: Our backups are encrypted and stored separately. These backups will be deleted automatically as part of data lifecycle management.
6. Content delivery network (CDN): We use Amazon CloudFront as a CDN to distribute APKs uploaded to users' remote devices as a mechanism to reduce load times for our servers. Note that this may require files to be replicated across different edge servers.
7. Material resources: The uploaded APK and images are stored in Amazon S3.
8. HTTPS: We use HTTPS as our standard security protocol, certificates, and forward secrecy. We also prevent misuse for certificates by having Certification Authority Authorization (CAA) records for AirDroid domains.
9. Payment: Your payment information and credit card records are not stored on our servers. We've partnered with trusted 3rd-party firms like PayPal and Stripe that are Payment Card Industry Data Security Standard (PCI) compliant to process payments for our customers.
Code Signing
All of our Windows clients are signed by Comodo Code Signing, which guarantees that the software has not been changed since it was signed, preserving authenticity and integrity. If the software is modified after signing, the digital signature will automatically become invalid, notifying the user that the software has been tampered with.
General Data Protection Regulation (GDPR)
With the General Data Protection Regulation promulgated by the European Union formally taking effect, data protection has become an increasingly important aspect of our lives. As a global company, AirDroid cares about the data privacy and security of each user. We handle your data privacy strictly in accordance with the requirements of the GDPR. For more details about AirDroid’s GDPR, please visit https://www.airdroid.com/legal/privacy.html.
Vulnerability Assessment
AirDroid continuously tests against potential vulnerability by running static code analysis and infrastructure vulnerability scans.
Penetration Testing
AirDroid works with 3rd-party penetration testing firms to test AirDroid products and our fundamental infrastructure several times on a yearly basis.
AirDroid Business - Security Features
AirDroid's commercial products are specifically designed to provide IT managers with complete control over data protection, while enabling the flexibility for employees to access data from anywhere. They are particularly suitable for industries that have strict legislation and compliance regulations. Security features of AirDroid Business provide the following but are not limited to:
1. Sign in with 2-factor authentication (2FA)
2. Device Lockdown (Kiosk mode) to prevent user abuse
3. Restricted access for remote control
Clients' Responsibilities
At AirDroid we work hard to ensure that all our client and end-user data is stored securely, and client privacy is always in the first place. To better secure the data, Clients' Responsibilities is wriiten to let our customers understand their roles and responsibilities in preventing data loss.
Client System Security: Clients should ensure that their data is stored and accessed in a secure manner to prevent data theft within the standards and conventions specific to their industry. Clients should also educate their end users about using technology in a safe and responsible manner.
Transfer of Data: Clients transferring sensitive data to AirDroid should do so through secure means such as TLS.
Role-Based Access Controls: Clients using AirDroid services are responsible for taking steps to ensure that users are assigned to the correct security roles and permissions.
Client Active Accounts: Clients with access to AirDroid products are responsible for ensuring that their accounts are named accounts, and password complexity and expiration policies are configured.
User Population Management: Clients utilizing AirDroid software or services are responsible for the deactivation of AirDroid's user accounts when notified any changes in personnel responsibilities and/or changes in employment status.
Reporting Security Issues
Keeping our clients' data secure is very important to us and we encourage the responsible reporting of security issues and software vulnerabilities in any of our products or services. To report security issues, you can send an e-mail to success@airdroid.com. Please provide a complete description of the issue, resources, tools, and methods used to reproduce the issue so that our team can analyze, validate, and implement any needed repairs. Reported issues will receive a timely response indicating that we have received your request and provide information for additional next steps if any should exist.
Principle of the Prohibition of Misuse and Abuse
In order to keep our services operating smoothly and fast, we need help from you, our customers, to not misuse or abuse our products and services.
To further elaborate on what exactly we meant by “misuse” or “abuse” and help us understand the transgressions and react accordingly – we have created this Principle. Under the provision of this principle we reserve the right to remove user accounts and ban IPs which are inconsistent and incompatible with the spirit of the guidelines of this principle, even if it is something that is not outright forbidden by the letter of this principle.
All the services mentioned in this page refer to all the websites created and operated by AirDroid as well as any hosted services operated by AirDroid.
Disruption
• Compromising the integrity of our systems, including probing, scanning, or testing the vulnerability of any system or network unless otherwise authorized to perform such activities.
• Reverse-engineering, tampering with, or hacking our services, bypassing any security protocols or authentication measures, unlawfully attempting to gain unauthorized access to customer accounts, services, networks, and data.
• Overwhelming or attempting to overwhelm our infrastructure or systems by imposing an unreasonably large load that consumes extraordinary resources (RAM, CPU, bandwidth etc).
Wrongful Activities
• “Phishing”, “spoofing”, misrepresentation of yourself or falsely implying any association with AirDroid
• Using the services to violate the privacy of others, including phishing, posting other people’s confidential information without prior consent or collecting and gathering personally identifiable information about our users from our services.
• Using our services to stalk, harass, or post direct or specific threats of violence against others.
• Using the services for any illegal purpose, or in violation of law (including without limitation, data, privacy and export control laws).
• Accessing, copying content, or searching our services by any means other than our publicly supported interfaces
In such cases, AirDroid will retain all of its legal rights.