Components and Architecture
A typical Heed setup includes a Heed server instance and mobile apps for both iOS and Android. These hybrid apps combine native and web components to ensure a smooth, integrated user experience. The apps communicate with the server over the device's network connection to retrieve real-time data.
iOS App
The iOS app is a hybrid application designed for iPhone; iPad and Apple Watch are currently unsupported. It combines native and web components, with UI elements such as forms and buttons, to offer a seamless experience. The app is available for download directly from the App Store.
Android App
The Android app follows a similar hybrid approach, combining native and web components for a user-friendly experience. It is available for download from the Google Play Store.
Identity and Access Management
User Authentication
Authentication in the mobile app relies on a temporary access code generated by the Heed Authentication Server, which is securely hosted in Amazon Web Services (AWS). Here’s how the authentication process works:
- Users log into their Heed instance and request a temporary mobile code, valid for 5 minutes.
- The request is sent to the Heed Authentication Server, which generates the access code and sends it to the user via email.
- The request includes the user’s email address and the Heed instance URL, which are securely stored on the Authentication server.
- Users log into the mobile app using the code and their email address, with secure authentication against the Authentication server.
- Upon successful authentication, the server returns the Heed server URL and an Authorization Grant. The user's data is then deleted from the Authentication server.
- The mobile app uses the Access Token for future requests to the Heed server.
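The server-side handling of the temporary code in the steps above can be modelled as follows. This is an added example, not Heed's own code: the class and method names, the 8-digit code format, the hashed storage and the random grant value are all assumptions made for illustration; only the 5-minute validity and the deletion of user data after a successful login come from the steps above.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 5 * 60  # the steps above state the code is valid for 5 minutes


class TempCodeStore:
    """Hypothetical model of the Authentication Server's pending-code store."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # email -> (code_hash, instance_url, expires_at)

    @staticmethod
    def _digest(email, code):
        # Assumption: only a hash of the code is kept, bound to the email.
        return hashlib.sha256(f"{email}:{code}".encode()).digest()

    def issue(self, email, instance_url):
        """Create a code for a logged-in user; the caller emails it to them."""
        code = f"{secrets.randbelow(10**8):08d}"  # assumed 8-digit format
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[email] = (self._digest(email, code), instance_url, expires_at)
        return code

    def redeem(self, email, code):
        """Return (instance_url, grant) on success, None otherwise."""
        record = self._pending.get(email)
        if record is None:
            return None
        code_hash, instance_url, expires_at = record
        if self._clock() >= expires_at:
            del self._pending[email]  # expired entries are purged
            return None
        # Constant-time comparison avoids leaking how much of the code matched.
        if not hmac.compare_digest(code_hash, self._digest(email, code)):
            return None
        # Success: delete the user's data so the code cannot be replayed.
        del self._pending[email]
        grant = secrets.token_urlsafe(32)  # stand-in for the Authorization Grant
        return instance_url, grant

    def holds_data_for(self, email):
        """True while the email and instance URL are still stored."""
        return email in self._pending
```

The steps above do not describe a limit on failed attempts, so this model does not include one.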
Storage/Keychain
The Access Token is securely stored on the device using the Keychain on iOS and KeyStore on Android devices.
Session Length and Timeout
Currently, the mobile app does not implement session length or timeout settings.
User Termination
When a user is deleted or disabled, the mobile app will notify them that their account is disabled and log them out of the app.
Mobile Data Flow
Read Data
When a user requests to view data on the mobile app:
- The app sends a request to the Heed server, including the Access Token and any relevant data fields.
- The server validates the Token.
- If the token is valid, the server fetches the requested data and returns it to the mobile app.
Writing Data
When a user updates a field or creates new content (e.g., creating a new Heed):
- The app sends the updated data along with the Access Token.
- The server verifies the token’s validity and checks user authorization.
- If both checks succeed, the server completes the requested action and sends a response to the app.
- Based on the response, the mobile app updates the UI accordingly.
Data Security
Data at Rest
User preferences, such as navigation state, selected heed identifier, and filters, are stored locally on the device for caching purposes. Message data (Heeds and notifications) is not stored on the device.
Data in Transit
All data transmitted between the mobile app and the server is encrypted in transit over HTTPS (SSL/TLS).
Push Notifications
Heed senders can configure push notifications to be delivered to mobile devices according to their preferences.
Mobile Security Practices
Security Patching
The mobile development team is committed to providing security patches when necessary to maintain the integrity of the app and user data.
User Data Collection
The mobile app does not collect specific user data. Any actions performed by users, such as creating or modifying a Heed, are stored on the Heed application servers. User credentials are never saved on the device.
Shared Data
The mobile app does not share any data with third parties. All user data is kept secure and stored within the Heed platform, ensuring privacy and compliance with data protection standards.
Incident Reporting
Any issues or bugs related to the mobile app can be reported by raising a support ticket directly in the app or through the support portal. This ensures that any concerns are promptly addressed by the support team.