Mobile Secure Configuration Screenshot Guide

Last updated on Dec 09, 2025

1. Purpose of This Guide

Mobile devices (phones, tablets) often access company email, files, apps, and sensitive data. If they’re lost, stolen, or compromised, attackers shouldn’t be able to stroll right in.

This artefact demonstrates that your organisation configures mobile devices securely, specifically showing that:

  • Devices are not jailbroken or rooted

  • Passcodes / biometric locks are enabled

  • Automatic screen lock activates after 2 minutes of inactivity

  • Apps are installed only from official app stores (no sideloading)

This helps auditors confirm your mobile fleet isn’t the soft underbelly of your defences.


2. What You Will Submit

Upload one or more screenshots showing:

  • Device Settings → Passcode / Screen Lock is enabled

  • Auto-lock or screen timeout = 2 minutes (or less)

  • Device status page confirming it is not rooted/jailbroken

  • App Store / Google Play as the only allowed source for apps
    (e.g., “Unknown Sources: Off”)

Each screenshot should be from a representative corporate device (company-owned or BYOD enrolled in your policy).


3. How to Collect / Obtain / Generate This Evidence

Below are the simplest ways to capture the required screenshots on iOS and Android.

A. Apple iOS / iPadOS Devices

1. Passcode Enabled

Go to:
Settings → Face ID & Passcode
Screenshot the top of the screen showing:

  • “Turn Passcode Off” (this proves a passcode is currently enabled)

2. Auto-Lock = 2 Minutes

Go to:
Settings → Display & Brightness → Auto-Lock
Screenshot showing “2 Minutes” or any shorter value (1 min).

3. Device Not Jailbroken

iPhones do not display a “jailbroken” status, so auditors will accept:

  • A screenshot of Settings → General → About showing normal OS version and no jailbreak indicators.

  • Optional: Screenshot of Settings → General → VPN & Device Management showing standard profiles (if any).

4. Official App Store Use

iOS does not permit sideloading unless jailbroken.
A screenshot of Settings → Screen Time → Content & Privacy Restrictions → iTunes & App Store Purchases, proving apps are only installed from the App Store, is sufficient.

B. Android Devices (Samsung, Google Pixel, Oppo, Xiaomi, etc.)

1. Screen Lock / Passcode Enabled

Go to:
Settings → Security → Screen Lock
Screenshot showing:

  • “PIN enabled”, “Pattern enabled”, or “Fingerprint + PIN”

2. Auto-Lock = 2 Minutes

Go to:
Settings → Display → Screen timeout
Screenshot showing 2 minutes (or a shorter value).

3. Device Not Rooted

Go to:
Settings → About Phone → Status / Device Status
Screenshot showing:

  • “Official” or “Certified”

  • OR the Google Play Protect certification page:
    Settings → Google → Device certification

Many devices show: “Device status: Official” → this is accepted evidence.

4. No Sideloading of Apps

Go to:
Settings → Security → Install unknown apps
Ensure the toggle for sideloading is OFF for all apps.
Screenshot the page showing:

  • “Allowed from this source: Off”
    or

  • A global policy preventing unknown sources.

C. If You Use MDM (Mobile Device Management)

(Microsoft Intune, Google Endpoint Management, MobileIron, Jamf, etc.)

You may provide:

  • Screenshot of the device compliance report

  • Screenshot of the MDM policy showing screen lock + timeout rules

  • Screenshot showing the device is compliant

This method is highly recommended for organisations with >5 mobile users.
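
Before taking the MDM screenshots, it helps to confirm that the fleet actually meets the four requirements in this guide. The script below is an added example, not part of any MDM product: it checks a device export against those requirements. The CSV layout, column names and device names are assumptions constructed for illustration, so map them to whatever your MDM exports.

```python
import csv
import io

MAX_AUTO_LOCK_SECONDS = 120  # the guide's requirement: auto-lock after 2 minutes or less

# Constructed sample export; the column names are assumptions, not any MDM vendor's schema.
SAMPLE_EXPORT = """device,platform,passcode_enabled,auto_lock_seconds,rooted_or_jailbroken,unknown_sources_allowed
front-desk-ipad,iOS,true,120,false,false
sales-pixel,Android,true,300,false,false
byod-galaxy,Android,false,60,false,true
lab-phone,Android,true,,true,false
"""

def _flag(value):
    """Parse a boolean cell; anything other than true/false is unknown (None)."""
    return {"true": True, "false": False}.get(value.strip().lower())

def check_device(row):
    """Return the list of guide requirements this device fails."""
    failures = []
    if _flag(row["passcode_enabled"]) is not True:
        failures.append("passcode or biometric lock not enabled")
    timeout = row["auto_lock_seconds"].strip()
    # A blank cell or 0 is treated as "never locks", which fails the check.
    if not timeout.isdigit() or not 0 < int(timeout) <= MAX_AUTO_LOCK_SECONDS:
        failures.append("auto-lock missing or longer than 2 minutes")
    # Unknown status fails closed: only an explicit "false" passes.
    if _flag(row["rooted_or_jailbroken"]) is not False:
        failures.append("rooted/jailbroken or status unknown")
    if _flag(row["unknown_sources_allowed"]) is not False:
        failures.append("sideloading allowed or status unknown")
    return failures

def audit(export_text):
    """Map each device name to its failures; an empty list means compliant."""
    reader = csv.DictReader(io.StringIO(export_text))
    return {row["device"]: check_device(row) for row in reader}

if __name__ == "__main__":
    for device, failures in audit(SAMPLE_EXPORT).items():
        print(f"{device}: {'COMPLIANT' if not failures else '; '.join(failures)}")
```

Devices that return an empty list are the ones to use as representative devices for the screenshots; anything else should be remediated first.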


4. Evidence Format

Accepted File Types:

  • PNG

  • JPG

  • PDF

Suggested Naming Convention:
YourCompanyName_MobileSecureConfig_YYYY-MM-DD

Example:
AcmeClinic_MobileSecureConfig_2025-03-15.png


5. What “Good” Looks Like

A strong submission contains:

  • At least 2-3 screenshots covering:

    • Passcode enabled

    • Auto-lock timer

    • Not rooted/jailbroken

    • Official app installation only

  • Clear time and device context
    The screenshot should show the settings menu and labels.

  • Representative device
    You do not need screenshots for every staff device — just one example device used in the organisation.

  • Optional (but excellent):
    Evidence from your MDM showing compliance.

This proves that mobile devices in your environment cannot be easily exploited or misused.


6. Tips

  • Redact personal details if needed (phone number, Apple ID, Google account).

  • If your business does not use mobile devices for work, you may mark this clause as Not Applicable.

  • If BYOD is allowed, ensure staff configure their devices securely before connecting to company systems.