Mobile App Security and Encryption Overview

The Metric Insights mobile apps follow all best practices related to security and encryption. Both apps store as little information on the phone as possible: metadata about each object is stored to generate the list in the "Analyst Insights" homepage view, and, in more recent versions, Metric data is stored for rendering Metrics. Images and Dataset Reports (stored as PDF files) are stored locally in sandboxed directories that cannot be accessed by other applications.

Both iOS and Android support biometric authentication via Touch ID / fingerprint scanning.

Communication and Authentication

iOS and Android apps use the same basic approaches for communication and authentication:

  1. The apps use HTTPS for all requests to the Metric Insights server
  2. The apps do not save any passwords, only authorization tokens with a limited lifetime
  3. The apps will work with common mobile VPN clients

Data Storage

Across both iOS and Android, images and cached data are stored locally in the application’s sandboxed (isolated) documents directory, which cannot be accessed by other applications or the phone's owner. The application stores the user's:

  • email
  • name
  • server-url
  • token
  • list of all objects available to the logged-in user (only what the user has been specifically granted access to)
  • data from any Element (Metric Insights object) that has been opened/viewed, including:
    • all chart data for Metrics
    • PDFs generated to display Reports and External Reports
    • thumbnail preview images for all Elements

There is no purge or garbage collection process for periodically clearing old data. When a user opens the same Element again, the data is updated.

More information on the secured/sandboxed directory in the Android system folder

Using an MDM/EMM will provide an additional layer of security (data encryption, remote wiping, etc.) depending on the platform and its specific features.