2024 Update Rollup 2

Security FeaturesPermanent link for this heading

The following security features are used in Android and iOS:

  • In addition to the device pin, an app passcode lock is offered (incl. biometric methods). See chapter “App Passcode”.
  • HTTPS with certificate validation is required. The used certificates must be trusted in the system.
  • The download and synchronization mechanism excludes certain objects:
    • COODESK@1.1:IsSynchronizableOnWorkplace: If this method returns false for an object, its contents are not synchronized to the device, but they may be downloaded and cached.
    • COODESK@1.1:IsReadableOnWorkplace: If this method returns false for an object, its contents are not synchronized to the device and the contents cannot leave the temporary app storage, therefor the contents cannot be opened in any third-party app. Even if the method returns false, contents may be downloaded and immediately removed after usage (e.g. document preview).

Note: For example the method COODESK@1.1:IsReadableOnWorkplace returns false for objects contained in Teamrooms where the setting “Restrict the Downloading or Opening of Content on the Device” has been configured.

AndroidPermanent link for this heading

The following additional security features are used in Android:

iOSPermanent link for this heading

The following additional security features are used in iOS:

  • App data (databases and files) is stored in the app group container (sandboxed). Only apps/extensions in the same group can access them.
  • Log files are stored in the app group container (sandboxed). Only apps/extensions in the same group can access them. Log files can be attached to support requests.
  • Temporary app data is stored in the “tmp” directory of the app/extension (sandboxed). No third-party app can access the files.
  • Data is encrypted using the iOS Data Protection feature (see https://support.apple.com/en-gb/guide/security/secf6276da8a/web: new window). The following protection modes are used:
    • The mode NSFileProtectionComplete is used for everything except the data mentioned below.
    • The mode NSFileProtectionCompleteUnlessOpen is used for the databases, selected temporary files and log files.
    • The mode NSFileProtectionCompleteUntilFirstUserAuthentication is used for files that are uploaded. This is required due to background uploading.
  • When the app is switched to the background, the preview image of the app in the task manager is made unrecognizable with a blur effect.
  • App data is excluded from all iCloud backups (see https://developer.apple.com/documentation/foundation/nsurlisexcludedfrombackupkey: new window).
  • Jailbreak detection attempt to detect jailbroken (rooted) devices and prevent the app from running.