Security Features

The following security features are used in Android and iOS:

• In addition to the device pin, an app passcode lock is offered (incl. biometric methods). See chapter “App Passcode”.
• HTTPS with certificate validation is required. The used certificates must be trusted in the system.
• The download and synchronization mechanism excludes certain objects:
  • COODESK@1.1:IsSynchronizableOnWorkplace: If this method returns false for an object, its contents are not synchronized to the device, but they may be downloaded and cached.
  • COODESK@1.1:IsReadableOnWorkplace: If this method returns false for an object, its contents are not synchronized to the device and the contents cannot leave the temporary app storage, therefor the contents cannot be opened in any third-party app. Even if the method returns false, contents may be downloaded and immediately removed after usage (e.g. document preview).

Note: For example the method COODESK@1.1:IsReadableOnWorkplace returns false for objects contained in Teamrooms where the setting “Restrict the Downloading or Opening of Content on the Device” has been configured.

Android

The following additional security features are used in Android:

• App data (databases and files) is stored in the "internal storage" (sandboxed). No third-party app can access the files.
• Log files are stored in the "internal storage" (sandboxed). No third-party app can access the files. Log files can be attached to support requests.
• From Android 10, file-based encryption is activated by default, i.e. all data is stored in encrypted form (see https://source.android.com/security/encryption/file-based: new window).
• FLAG_SECURE is used, which will prevent taking screenshots of the app or the preview view in the Task Manager (see https://developer.android.com/reference/android/view/WindowManager.LayoutParams#FLAG_SECURE: new window).
• App data is excluded from all Google Drive backups (see https://developer.android.com/guide/topics/manifest/application-element#allowbackup: new window, https://developer.android.com/guide/topics/manifest/application-element#fullBackupContent: new window and https://developer.android.com/guide/topics/manifest/application-element#dataExtractionRules: new window).
• Root detection attempts to detect rooted devices or devices from untrusted manufacturers and to prevent the execution of the app.

iOS

The following additional security features are used in iOS:

• App data (databases and files) is stored in the app group container (sandboxed). Only apps/extensions in the same group can access them.
• Log files are stored in the app group container (sandboxed). Only apps/extensions in the same group can access them. Log files can be attached to support requests.
• Temporary app data is stored in the “tmp” directory of the app/extension (sandboxed). No third-party app can access the files.
• Data is encrypted using the iOS Data Protection feature (see https://support.apple.com/en-gb/guide/security/secf6276da8a/web: new window). The following protection modes are used:
  • The mode NSFileProtectionComplete is used for everything except the data mentioned below.
  • The mode NSFileProtectionCompleteUnlessOpen is used for the databases, selected temporary files and log files.
  • The mode NSFileProtectionCompleteUntilFirstUserAuthentication is used for files that are uploaded. This is required due to background uploading.
• When the app is switched to the background, the preview image of the app in the task manager is made unrecognizable with a blur effect.
• App data is excluded from all iCloud backups (see https://developer.apple.com/documentation/foundation/nsurlisexcludedfrombackupkey: new window).
• Jailbreak detection attempt to detect jailbroken (rooted) devices and prevent the app from running.