How to Enable Secure Offline Access to Encrypted Data

Last updated April 17, 2023 by Appdome

Mobile TOTALData Encryption is used to protect data stored within a mobile app. Smart Offline Handling is an extension to Appdome TOTALData Encryption, which allows developers of apps that require authentication to enable non-authenticated access to some of the files that the app generates.

This Knowledge Base article describes Appdome’s Smart Offline Handoff feature and explains how to add it to any mobile app as part of a comprehensive mobile Data Loss Prevention (DLP) solution.

We hope you find this knowledge base useful and enjoy using Appdome!

About Appdome Smart Offline Handoff 

Security-conscious developers may sometimes want to restrict access to offline data or to impose additional security requirements on users before granting offline access, for example allowing offline access only after successful authentication with a remote server. They may also want to limit offline access to the data to a certain time frame or require additional authentication.

With Appdome TOTALData™ Encryption, all data stored inside the mobile app (including media files) is encrypted at run-time using industry-standard AES 256 cryptographic protocols. When the Appdome Smart Offline Handoff option is enabled, Appdome decrypts the app’s data only after the user successfully authenticates. Additionally, the developer can specify a folder for offline file access, along with the conditions that must be met in order to permit offline access to the data (for example, the required conditions may include a time expiration or additional authentication, such as Pincode or biometric authentication).

Prerequisites for using Appdome’s Smart Offline Handoff 

Adding Appdome Smart Offline Handoff to your app also requires Appdome DEV-Events™ to be enabled in your code. The DEV-Events inform Appdome when and how to enable offline access to the app’s files.

Appdome DEV-Events Structure

Each Appdome DEV-Event is a dictionary of key/value pairs. Both keys and values are strings: Java Strings for Android apps and NSStrings for iOS apps.

EventID: OfflineFolderAccessed
Event Fields:
  • timestamp – the UNIX epoch timestamp of the event
  • action – which action took place:
    • expired – offline key has expired
    • noSecret – user tried to access a file in the offline folder without providing offline secret
    • accessNoLocalAuth – the user was granted access with saved secret without local authentication
    • pincode – the user was granted access with local authentication by Pincode

iOS

How to enable Appdome’s offline access to the app’s files: 

    NSString *onlineToken = @"myonlinetoken";
    NSString *offlineToken = @"myofflinetoken";

    NSMutableDictionary *userInfo = [[NSMutableDictionary alloc] init];
    [userInfo setObject:onlineToken forKey:@"onlineSecret"];
    [userInfo setObject:offlineToken forKey:@"offlineSecret"];

    // Post the AppdomeOfflineSetProfile event carrying both secrets
    [[NSNotificationCenter defaultCenter] postNotificationName:@"AppdomeOfflineSetProfile" object:nil userInfo:userInfo];

How to Follow and Receive Appdome DEV-Events: 

    [[NSNotificationCenter defaultCenter] addObserverForName:@"OfflineFolderAccessed" object:nil queue:[NSOperationQueue mainQueue] usingBlock:^(NSNotification *note) {
        NSString *action = [[note userInfo] objectForKey:@"action"]; // expired, noSecret, accessNoLocalAuth or accessPincode
        NSString *timestamp = [[note userInfo] objectForKey:@"timestamp"]; // UNIX timestamp when event happened
    }];

Android

How to enable Appdome’s offline access to the app’s files: 

    Intent intent = new Intent("AppdomeOfflineSetProfileEvent");

    Bundle bundle = new Bundle();

    bundle.putString("onlineSecret", "myonlinetoken");

    bundle.putString("offlineSecret", "myofflinetoken");

    intent.putExtras(bundle);

    sendBroadcast(intent);

How to Follow and Receive Appdome DEV-Events: 


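    import android.content.BroadcastReceiver;
    import android.content.Context;
    import android.content.Intent;
    import android.content.IntentFilter;
    import android.util.Log;

    // The wrapper class name is illustrative; place these members in your own class.
    public class OfflineEventListener {
        private static final String TAG = "OfflineEventListener";
        private static final String OFFLINE_FOLDER = "OfflineFolderAccessed";
        private BroadcastReceiver receiver;
        private Context context;

        // Register for OfflineFolderAccessed DEV-Events.
        public void init(Context context) {
            this.context = context;
            receiver = new BroadcastReceiver() {
                @Override
                public void onReceive(Context context, Intent intent) {
                    onEvent(intent);
                }
            };
            context.registerReceiver(receiver, new IntentFilter(OFFLINE_FOLDER));
        }

        // Unregister when events are no longer needed.
        public void stop() {
            context.unregisterReceiver(receiver);
        }

        private void onEvent(Intent intent) {
            String action = intent.getAction();
            if (action == null) {
                Log.e(TAG, "event received without an action.");
                return;
            }
            switch (action) {
                case OFFLINE_FOLDER:
                    if (!intent.hasExtra("action")) {
                        Log.e(TAG, "illegal event received.");
                        return;
                    }
                    // expired, noSecret, accessNoLocalAuth or accessPincode
                    String offlineFolderAction = intent.getStringExtra("action");
                    break; // do not fall through to the unknown-event branch
                default:
                    Log.e(TAG, "unknown event received " + action);
            }
        }
    }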
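
The following plain-Java helper is an added example, not Appdome code: it validates the fields of an OfflineFolderAccessed event before the app acts on it and fails closed on anything unexpected. The class name and the Response values are hypothetical, and it accepts both pincode (from the field list) and accessPincode (from the code comments) because this article uses both spellings; the article does not state the timestamp unit, so the value is kept as sent.

```java
import java.util.HashMap;
import java.util.Map;

// Added example, not Appdome code: validate an OfflineFolderAccessed event before acting on it.
public final class OfflineAccessEvent {
    // Hypothetical app-side responses; these names are not part of Appdome's API.
    public enum Response { REAUTH_ONLINE, AUDIT_DENIED, AUDIT_NO_LOCAL_AUTH, AUDIT_PINCODE, MALFORMED }

    public final Response response;
    public final long timestamp; // epoch value as sent; -1 if the event was malformed

    private OfflineAccessEvent(Response response, long timestamp) {
        this.response = response;
        this.timestamp = timestamp;
    }

    // fields: the event's string key/value pairs (Intent extras or NSNotification userInfo).
    public static OfflineAccessEvent parse(Map<String, String> fields) {
        String action = fields.get("action");
        String raw = fields.get("timestamp");
        long ts;
        try {
            ts = Long.parseLong(raw == null ? "" : raw.trim());
        } catch (NumberFormatException e) {
            ts = -1;
        }
        if (action == null || ts < 0) {
            return new OfflineAccessEvent(Response.MALFORMED, -1);
        }
        switch (action) {
            case "expired":           return new OfflineAccessEvent(Response.REAUTH_ONLINE, ts);
            case "noSecret":          return new OfflineAccessEvent(Response.AUDIT_DENIED, ts);
            case "accessNoLocalAuth": return new OfflineAccessEvent(Response.AUDIT_NO_LOCAL_AUTH, ts);
            case "pincode":           // spelling used in the field list
            case "accessPincode":     // spelling used in the code comments
                return new OfflineAccessEvent(Response.AUDIT_PINCODE, ts);
            default:                  // unknown action: fail closed rather than guess
                return new OfflineAccessEvent(Response.MALFORMED, -1);
        }
    }

    public static void main(String[] args) {
        Map<String, String> ok = new HashMap<>();      // constructed sample event
        ok.put("action", "expired");
        ok.put("timestamp", "1681689600");
        Map<String, String> bad = new HashMap<>();     // constructed: no timestamp field
        bad.put("action", "accessPincode");
        System.out.println(parse(ok).response + " " + parse(ok).timestamp);
        System.out.println(parse(bad).response);
    }
}
```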

Easy Steps to Enable Smart Offline Handoff in Android and iOS apps

Follow these step-by-step instructions to add Smart Offline Handoff to any mobile app.

Upload a Mobile App to Your Account

Please follow these steps to add a mobile app to your Appdome account.
If you don’t have an Appdome account, click here to create an account.

To enable smart offline handoff:

  1. Go to Build > Security tab.
  2. Expand the TOTALData Encryption section and enable (toggle On) Data at Rest Encryption.
  3. Expand the Encryption Control section and enable (toggle On) Smart Offline Handoff.
  4. Specify a Designated Folder into which data will be saved for offline access.
    On Android, this folder will be created under both
    /data/data/<app-bundle-id>/files and /sdcard/Android/data/<app-bundle-id>/files.
    On iOS, the folder will be created under
    /var/mobile/containers/data/applications/bundle-id
  5. Optional – specify the Session Timeout, an expiration time frame for offline access (in days – 0 means no expiration time), or toggle the Require Local Authentication switch to require device authentication for offline access.
  6. Optional – enable the option Store in Protected Memory to allow keys and secrets to be automatically stored in protected memory. Protected memory items are encrypted while in use.
  7. Add any additional features you want to integrate into your app. When done, click Build my app.

Congratulations! You now have a mobile app secured with Smart Offline Handoff.

Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps with Smart Offline Handoff. When an Appdome user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.

No Coding Dependency

Using Appdome, there are no development or coding prerequisites to build secured apps.  There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, and logic to the app automatically, with no manual development work at all.

How to Sign & Publish Secured Mobile Apps Built on Appdome  

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include 

Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome. 

 How to Learn More

Check out Appdome TOTALData Encryption resources.

Check out the full menu of features in the Appdome Mobile Security Suite

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Or request a demo at any time.
