While the applications are primarily WebView-based clients that securely interact with our backend platform, we apply the same standards and processes as we do across our infrastructure to ensure security, data protection, and compliance.
Application Architecture & Security Measures
- Authentication & Biometrics: The applications integrate with the platform’s authentication service and optionally support device-level biometrics (Face ID / Touch ID) through secure OS APIs. No biometric data is stored or processed by the application itself.
- Data Transmission: All communications between the app and backend servers are encrypted end-to-end using TLS 1.2/1.3 with strong cipher suites. We enforce HSTS and certificate validation to mitigate MITM risks.
- Data Storage: The application does not persist sensitive user credentials locally. Session tokens are stored in the device’s secure storage (Keychain on iOS, Keystore on Android).
- Push Notifications: Delivered via Apple Push Notification Service (APNs) and Firebase Cloud Messaging (FCM), with payloads limited to non-sensitive metadata. Sensitive information is never transmitted via notification payloads.
Ongoing Security Practices
- Regular Patching & Updates: App dependencies and build environments are reviewed regularly, and OS-level updates are incorporated to mitigate emerging vulnerabilities.
- Code Reviews & Secure Build Process: All releases go through peer code reviews, automated build pipelines, and integrity checks before being published to the App Store and Google Play.
- Vulnerability Monitoring: We monitor upstream libraries and frameworks for CVEs, and promptly apply security patches.
- Penetration Testing / QA: The web application (consumed within the WebView) undergoes regular penetration testing and security review as part of our wider platform assurance process.
- Access Controls: Backend access is restricted by role-based policies, MFA enforcement, and network-level security controls.
Documentation & Policies
We follow industry best practices guided by the OWASP Mobile Application Security Verification Standard (MASVS) and the OWASP Top 10. If required, we can provide additional documentation outlining our policies on:
- Secure development lifecycle (SDLC) practices
- Data protection & privacy compliance (GDPR-ready)
- Incident response & patch management