All the data on the device is stored in a sandbox without the possibility for other apps to access it (unless the device is jailbroken/rooted, which usually requires physical access to the device). On Android, you can enable data encryption as of Android Gingerbread (2.3.x). Companies can also enforce Google device policies to ensure that the data on Android devices is secured. On iOS, data encryption is enabled by default and cannot be disabled.
In addition to the file system encryption of the operating systems, Jedox Mobile stores all documents downloaded to the device with 256-bit AES encryption. If you allow the app to store user data (like credentials), this data is stored in an encrypted Realm database. On iOS, passwords are stored in the system keychain, which is again protected by the system’s security and the device password.
Jedox Mobile supports HTTP as well as secure (encrypted) HTTPS connections. We strongly discourage users from using unencrypted HTTP connections in a production environment.
Please note that wildcard certificates (e.g. *.domain.tld) are not supported by Jedox Mobile.
Jedox Mobile doesn’t communicate with the Jedox In-Memory DB directly, but through Jedox Web, which adds another layer of security between the mobile devices and the data. Jedox Mobile uses JSON to communicate with Jedox Web, so no external RPC or RMI calls are needed.
Jedox Mobile uses the credentials given by and configured in Jedox Web. The credentials are stored encrypted in the Jedox In-Memory DB. In order to log in, Jedox Mobile sends the credentials entered by the app user to the Jedox Web instance, which then decides whether the user gets access to the data or not.
Jedox Mobile uses the user rights given by and configured in Jedox Web. Administrators can choose which users get access to the server via the app, and which actions they may take inside the app, such as adding or changing ad-hoc-reports, viewing reports, etc.