sr2/cloud.sr2.uk
6
0
Fork 1
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
cloud.sr2.uk/docs/link/e2e_channels/supported_handsets.md
irl 0d6676a154
Some checks failed
ci / build_and_publish (push) Failing after 1m39s
Details
feat: adds page about self-managed handsets
2026-05-23 12:17:07 +01:00

77 lines
No EOL
4.2 KiB
Markdown
Raw Permalink Blame History

---
title: Mobile Devices
sidebar_position: 50
description: E2EE channels require a physical mobile device for operation
---
Signal and WhatsApp channels require a physical mobile device to be set up to create the related accounts, and this
device must be monitored and maintained to ensure the integrity of the end-to-end encryption and the availability of
the channel.
## Fully Managed Devices
We will provide a fully managed Android device to support your use of one Signal and one WhatsApp channel, if desired,
per Link Helpdesk.
Our devices are provisioned with UK mobile numbers (+44 country code) however you can choose your own username and
provide any branding you would like to have set up.
Additional channels will be subject to a fee to cover the additional cost of each required mobile device.
If for any reason you choose to move away from our hosted platform in the future, see [Moving Away](./moving_away) for
details on porting your number to your new provider.
## Self-Managed Devices
If due to your organisational policies you require to be in posession of the device, it is possible for you to manage
your own devices.
If you require support for these devices, an additional fee will be charged.
As of May 2026 this will be the same fee as is charged for an additional fully managed device.
:::info
There are no discounts available for self-managing your device as, in our experience, the increased support costs
outweigh the hardware and mobile service costs.
Support provided to self-managed device users is on a best-effort basis. We make no claims regarding expected
response times, time between failures, or time to recovery for any issues.
:::
### Hardware and Configuration
* We only support OEM Google Pixel devices and these must be in current security support
([end of life dates](https://endoflife.date/pixel)).
* The device must have a mobile service contract that:
* has a sufficient monthly allowance for data for operating system and application updates, as well as the messaging
data which may include audio and video content;
* allows inbound and outbound calls and SMS; and
* has a permanently assigned mobile number.
* The device must not be in use for any other purpose and interactions with the device should only be performed for the
purpose of monitoring and maintenance.
* The device should be managed with a Mobile Device Management (MDM) solution to:
* automatically install operating system and application updates;
* restrict the installed apps, which may only be installed when signed with a valid certificate from a trusted app
store;
* enforce lock timeouts and strong unlock credential requirements;
* disable unnecessary features that would otherwise provide attack surface (e.g., WiFi and Bluetooth); and
* provide remote wipe capability.
### Procedures
* The device:
* must be continuously connected to the mobile network with data access enabled;
* must be kept turned on and charged, **using a charging system that does not keep the device connected to power 24 hours a day as this will lead to battery failure and risk of fire**;
* must have sufficient physical security considerations taken (e.g. kept in locked room when unattended);
* must not have mobile signal blocked from operation (e.g. do not store it in a metal safe);
* must have well-documented access control policies in place; and
* must be restarted once a week.
* Monitor the logs of the MDM to ensure updates are applied.
* Subscribe to security advisories for Android, Signal, WhatsApp and your MDM solution to endure critical and high
impact vulnerabilities are patched promptly.
* Check channel operation regularly and relink the device if needed.
* Regularly audit the device configuration and procedures, and who can access it.
:::warning
While we can advise you on a configuration for the device, security is a combination of applied configuration,
physical security and formal processes such as regular internal or external audits.
Only your organisation is able to ensure these recommendations are followed when self-managing your device.
For this reason, we do not accept any responsibility related to any security incidents related to your self-management
of the device.
:::
Reference in a new issue View git blame Copy permalink