cloud.sr2.uk/docs/link/channels/e2e_channels/supported_handsets.md

---
title: Mobile Devices
sidebar_position: 50
description: E2EE channels require a physical mobile device for operation
---

Signal and WhatsApp channels require a physical mobile device to be set up to create the related accounts, and this
device must be monitored and maintained to ensure the integrity of the end-to-end encryption and the availability of
the channel.

## Fully Managed Devices

We will provide a fully managed Android device to support your use of one Signal and one WhatsApp channel, if desired,
per Link Helpdesk.
Our devices are provisioned with UK mobile numbers (+44 country code) however you can choose your own username and
provide any branding you would like to have set up.
Additional channels will be subject to a fee to cover the additional cost of each required mobile device.

If for any reason you choose to move away from our hosted platform in the future, see [Moving Away](../../moving_away)
for details on porting your number to your new provider.

## Self-Managed Devices

If due to your organisational policies you require to be in posession of the device, it is possible for you to manage
your own devices.
If you require support for these devices, an additional fee will be charged.
As of May 2026 this will be the same fee as is charged for an additional fully managed device. 

:::info
There are no discounts available for self-managing your device as, in our experience, the increased support costs
outweigh the hardware and mobile service costs.
Support provided to self-managed device users is on a best-effort basis. We make no claims regarding expected
response times, time between failures, or time to recovery for any issues.
:::

### Hardware and Configuration

* We only support OEM Google Pixel devices and these must be in current security support
  ([end of life dates](https://endoflife.date/pixel)).
* The device must have a mobile service contract that:
  * has a sufficient monthly allowance for data for operating system and application updates, as well as the messaging
    data which may include audio and video content;
  * allows inbound and outbound calls and SMS; and
  * has a permanently assigned mobile number.
* The device must not be in use for any other purpose and interactions with the device should only be performed for the
  purpose of monitoring and maintenance.
* The device should be managed with a Mobile Device Management (MDM) solution to:
  * automatically install operating system and application updates;
  * restrict the installed apps, which may only be installed when signed with a valid certificate from a trusted app
    store;
  * enforce lock timeouts and strong unlock credential requirements;
  * disable unnecessary features that would otherwise provide attack surface (e.g., WiFi and Bluetooth); and
  * provide remote wipe capability.

### Procedures

* The device:
  * must be continuously connected to the mobile network with data access enabled;
  * must be kept turned on and charged, **using a charging system that does not keep the device connected to power 24 hours a day as this will lead to battery failure and risk of fire**;
  * must have sufficient physical security considerations taken (e.g. kept in locked room when unattended);
  * must not have mobile signal blocked from operation (e.g. do not store it in a metal safe);
  * must have well-documented access control policies in place; and
  * must be restarted once a week.
* Monitor the logs of the MDM to ensure updates are applied.
* Subscribe to security advisories for Android, Signal, WhatsApp and your MDM solution to endure critical and high
  impact vulnerabilities are patched promptly.
* Check channel operation regularly and relink the device if needed.
* Regularly audit the device configuration and procedures, and who can access it.


:::warning
While we can advise you on a configuration for the device, security is a combination of applied configuration,
physical security and formal processes such as regular internal or external audits.
Only your organisation is able to ensure these recommendations are followed when self-managing your device.
For this reason, we do not accept any responsibility related to any security incidents related to your self-management
of the device.
:::
feat: adds page about self-managed handsets 2026-05-23 12:16:53 +01:00			`---`
			`title: Mobile Devices`
			`sidebar_position: 50`
			`description: E2EE channels require a physical mobile device for operation`
			`---`

			`Signal and WhatsApp channels require a physical mobile device to be set up to create the related accounts, and this`
			`device must be monitored and maintained to ensure the integrity of the end-to-end encryption and the availability of`
			`the channel.`

			`## Fully Managed Devices`

			`We will provide a fully managed Android device to support your use of one Signal and one WhatsApp channel, if desired,`
			`per Link Helpdesk.`
			`Our devices are provisioned with UK mobile numbers (+44 country code) however you can choose your own username and`
			`provide any branding you would like to have set up.`
			`Additional channels will be subject to a fee to cover the additional cost of each required mobile device.`

fix: broken link 2026-05-29 12:29:24 +01:00			`If for any reason you choose to move away from our hosted platform in the future, see [Moving Away](../../moving_away)`
			`for details on porting your number to your new provider.`
feat: adds page about self-managed handsets 2026-05-23 12:16:53 +01:00
			`## Self-Managed Devices`

			`If due to your organisational policies you require to be in posession of the device, it is possible for you to manage`
			`your own devices.`
			`If you require support for these devices, an additional fee will be charged.`
			`As of May 2026 this will be the same fee as is charged for an additional fully managed device.`

			`:::info`
			`There are no discounts available for self-managing your device as, in our experience, the increased support costs`
			`outweigh the hardware and mobile service costs.`
			`Support provided to self-managed device users is on a best-effort basis. We make no claims regarding expected`
			`response times, time between failures, or time to recovery for any issues.`
			`:::`

			`### Hardware and Configuration`

			`* We only support OEM Google Pixel devices and these must be in current security support`
			`([end of life dates](https://endoflife.date/pixel)).`
			`* The device must have a mobile service contract that:`
			`* has a sufficient monthly allowance for data for operating system and application updates, as well as the messaging`
			`data which may include audio and video content;`
			`* allows inbound and outbound calls and SMS; and`
			`* has a permanently assigned mobile number.`
			`* The device must not be in use for any other purpose and interactions with the device should only be performed for the`
			`purpose of monitoring and maintenance.`
			`* The device should be managed with a Mobile Device Management (MDM) solution to:`
			`* automatically install operating system and application updates;`
			`* restrict the installed apps, which may only be installed when signed with a valid certificate from a trusted app`
			`store;`
			`* enforce lock timeouts and strong unlock credential requirements;`
			`* disable unnecessary features that would otherwise provide attack surface (e.g., WiFi and Bluetooth); and`
			`* provide remote wipe capability.`

			`### Procedures`

			`* The device:`
			`* must be continuously connected to the mobile network with data access enabled;`
			`* must be kept turned on and charged, using a charging system that does not keep the device connected to power 24 hours a day as this will lead to battery failure and risk of fire;`
			`* must have sufficient physical security considerations taken (e.g. kept in locked room when unattended);`
			`* must not have mobile signal blocked from operation (e.g. do not store it in a metal safe);`
			`* must have well-documented access control policies in place; and`
			`* must be restarted once a week.`
			`* Monitor the logs of the MDM to ensure updates are applied.`
			`* Subscribe to security advisories for Android, Signal, WhatsApp and your MDM solution to endure critical and high`
			`impact vulnerabilities are patched promptly.`
			`* Check channel operation regularly and relink the device if needed.`
			`* Regularly audit the device configuration and procedures, and who can access it.`


			`:::warning`
			`While we can advise you on a configuration for the device, security is a combination of applied configuration,`
			`physical security and formal processes such as regular internal or external audits.`
			`Only your organisation is able to ensure these recommendations are followed when self-managing your device.`
			`For this reason, we do not accept any responsibility related to any security incidents related to your self-management`
			`of the device.`
			`:::`