All data on the device is stored in a sandbox without the possibility for other apps to access this data (unless the device is jailbroken/rooted, which usually requires physical access to the device). On Android, the user can enable data encryption as of Android Gingerbread (2.3.x). Companies can also enforce Google device policies to ensure that the data on Android devices is secured. On iOS, data encryption is enabled by default and can’t be disabled.
In addition to the file system encryption of the operating systems, Jedox Mobile stores all documents downloaded to the device with 256-bit AES encryption. If the user allows the app to store user data (like credentials), this data is stored in an encrypted Realm database. On iOS, passwords are stored in the system keychain, which is again protected by the system’s security and the device password. On the backend side, user credentials are stored MD5 hashes in the Jedox OLAP Server.
Jedox Mobile supports HTTP as well as secure (encrypted) HTTPS connections. We strongly discourage users from using unencrypted HTTP connections in a production environment.
Please note that wildcard certificates (e.g. *.domain.tld) are not supported by Jedox Mobile.
Jedox Mobile doesn’t communicate with the Jedox OLAP Server directly, but through Jedox Web, which adds another layer of security between the mobile devices and the data. Jedox Mobile uses JSON to communicate with Jedox Web, so no external RPC or RMI calls are needed.
Jedox Mobile uses the credentials given by and configured in Jedox Web. The credentials are stored encrypted in the Jedox OLAP Server. In order to logon, Jedox Mobile sends the credentials entered by the app user to the Jedox Web instance, which then decides whether the user gets access to the data or not.
Jedox Mobile uses the user rights given by and configured in Jedox Web. Administrators can choose which users gets access to the server via the app, and which actions they may take inside the app, such as adding or changing ad-hoc-reports, viewing reports, etc.