Crowdstrike on Mobile Frequently Asked Questions

1) What is CrowdStrike Falcon and why do I need it on my device?

CrowdStrike Falcon is our company’s Endpoint Detection and Response (EDR) platform. It helps prevent malware, ransomware, and other threats by monitoring suspicious activity and blocking attacks.
If you use your personal device to access company email, files, apps, or VPN, installing Falcon is required to protect both the company and you against targeted threats and credential theft.

2) Which devices are covered?

  • Laptops/desktops: Windows 10/11, macOS (latest two major releases recommended).
  • Mobile: iOS/iPadOS (latest 2 versions), Android (latest 2 versions).

Note: iOS/Android typically use Falcon for Mobile delivered via our Intune or via a secure app store link. Laptops/desktops use the Falcon sensor (agent).

3) What data does CrowdStrike collect from my device?

CrowdStrike collects security telemetry and process/activity indicators required to detect and block threats. Examples include:

  • Process/file execution metadata and hashes
  • Security-relevant registry/launchd/services data
  • Network connection metadata (e.g., destination IP/domain, process making the connection)
  • OS and sensor health/versions
  • Alerts, detections, and remediation events

It does not collect your personal content such as:

  • Personal photos, videos, or documents
  • Personal email/text content
  • Keystrokes or password contents
  • Personal banking data, health data, or unrelated app content

Important: Telemetry is contextual and security-focused, not content-focused. We use policy to restrict collection to what’s necessary for security operations.

4) Can IT see my personal files, photos, or browsing history?

No. IT cannot browse your personal files or photo libraries, read personal messages, or view your full browser history. Falcon focuses on security signals (e.g., process metadata, suspicious behaviors) rather than the content of your private data.

5) Will the company control or wipe my entire device?

No. We do not take ownership of your device.

  • For laptops/desktops, we install the Falcon sensor only.
  • For mobile, we use MDM with a work profile or app-level management (when available). We may perform a selective wipe of corporate data (work profile/apps) if you leave the company or if the device is lost/stolen. We do not factory-reset BYOD devices.

6) What actions can CrowdStrike take on my device?

Depending on severity and policy, Falcon may:

  • Block/quarantine malicious files/processes
  • Kill malicious processes
  • Network contain the device (restrict corporate network access) during active incident response
  • Generate alerts for our SOC for follow-up

We use least privilege and case-by-case response guided by our incident response playbooks.

7) Will CrowdStrike slow down my device or drain the battery?

Falcon is designed to be lightweight:

  • CPU/Memory: Minimal during normal operation, brief spikes during detections or sensor updates.
  • Disk: Low footprint; no heavy signature downloads (Falcon leans on cloud analytics + ML).
  • Battery: Mobile impact is typically small; device-native power-saving is respected.

If you notice performance issues, contact [IT/SOC contact or help desk link]—we’ll investigate exclusions or conflicts.

8) Will Falcon conflict with my antivirus?

  • Antivirus: Falcon can run alongside many AV tools, but we recommend not running multiple real-time AV engines simultaneously. If you insist on another AV, tell IT—we’ll advise or set exclusions.

9) What about privacy on shared family devices?

If others use the same device:

  • Falcon’s telemetry is security-only and does not capture personal content.
  • However, if the device is compromised through another user’s activity, Falcon may block the threat or contain the device to protect corporate resources.
  • Consider a separate OS user account for work vs. personal.

10) What policies apply to BYOD with Falcon?

BYOD participants agree to:

  • Install and keep Falcon active and updated
  • Maintain OS updates and basic security settings (e.g., disk encryption, screen lock)
  • Allow incident response actions on the device only to the extent needed to protect corporate data
  • Report suspected compromise or unusual prompts immediately

See Personally Owned Mobile Device and Acceptable Use Policies.

11) What happens if I don’t install Falcon?

Access to corporate email, VPN, apps, and files will be blocked until the device meets security requirements. Repeated non-compliance can lead to access revocation per the Personally Owned Mobile Device Policy.

12) What permissions will the mobile app request and why?

  • Device posture & OS info: Ensure your device meets security requirements
  • Network metadata: Detect and block malicious connections
  • Notification/Accessibility (Android variants): Improve threat visibility (not keystroke logging)
    We request the minimum privileges necessary to protect corporate data.

13) Can I pause, disable, or uninstall Falcon?

  • While actively using corporate resources: No—that violates policy.
  • When leaving the company: Open a ticket with within TDX to selectively remove corporate profiles/apps (mobile) or uninstall the desktop sensor.

14) What happens if Falcon detects malware on my personal device?

  • Falcon will attempt to block/quarantine the threat.
  • Our IT Security Analyst may contact you for context and next steps.
  • Severe cases may require temporary network containment to prevent data loss.
  • You’ll receive clear instructions on remediation—our goal is to fix the issue quickly with minimal disruption.

15) What does “Network Containment” mean for BYOD?

If your device is contained, it will lose access to corporate networks/services (and may block certain outbound connections) while we investigate. You can still reach through a TDX ticket or to the IT Security Analyst. Once cleared, containment is lifted.

16) What if my device is lost or stolen?

Notify infrastructure immediately.

  • Mobile: We may selectively wipe corporate data/apps.
  • Laptops/desktops: We may revoke access tokens and monitor for malicious use.

    Work with Stellar IT to file a police report for corporate devices. Reports for personal devices must be filed by the user.

17) How is my privacy protected contractually?

  • Our BYOD Agreement and Privacy Notice strictly limit use of telemetry to security purposes.
  • We maintain access controls, role-based permissions, and audit logs for investigations.

18) Does Falcon inspect my personal cloud apps (e.g., personal Gmail/Drive)?

No. Falcon does not read your personal emails or cloud content. It may see process and connection metadata (e.g., that a browser process established a connection), but not the contents of your personal communications or files.

19) Will this affect my personal VPN or ad-blockers?

Typically no. If your personal VPN or filtering tool interferes with corporate access or sensor updates, we’ll advise safe coexistence settings or exclusions.

20) What about developer tools or security tools I run personally?

Some developer runtimes (e.g., Python, node, Docker) and security tools (e.g., nmap) can trigger detections if misused by malware. If you need them for personal work, let Stellar IT know so we can tune detections/exclusions without weakening protection for corporate resources.

21) How do updates work?

  • Falcon updates are automatic and usually silent.
  • Keep your OS and browsers up to date—noncompliant devices may lose access until updated.

22) Who do I contact for help?

  • Installation issues, performance problems, or detections: submit a ticket on TDX
  • Privacy questions: Contact Stellar IT
  • Policy appeals/exceptions: Contact Stellar IT

 

Print Article