How to Provide Secure Offline Data Access for iOS & Android

Last updated January 26, 2023 by Appdome

This article covers how to provide secure offline access for iOS and Android apps.

Secure Offline Data Access for iOS & Android Apps

Security-conscious developers sometimes may want to restrict access to offline data or introduce additional security requirements on users in order to grant offline access. For example, to only allow offline access after successful authentication with a remote server. They also may want to limit offline access to the data to a certain time-frame or require additional authentication.

With Appdome TOTALDataTM Encryption, all data stored inside the mobile app (including media files) is encrypted at run-time using industry-standard AES 256  cryptographic protocols. When the Appdome Smart Offline Handoff option is enabled, Appdome decrypts the app’s data only after the user successfully authenticates. Additionally, the developer can specify a folder for offline file access, along with the required conditions that must be met in order to permit offline access to the data  (for example the required conditions may include a time expiration, or require additional authentication, such as Pincode/ biometric authentication). 

Prerequisites for using Appdome’s Smart Offline Handoff 

Adding Appdome Smart Offline Handoff to your app also requires Appdome DEV-Events ™, to be enabled in your code. The DEV-Events will inform Appdome on when and how to enable offline access to the app’s files.

Appdome DEV-Events Structure

Each Appdome DEV-Event is a set of key/value dictionary. Both key and value are strings: Java Strings, for Android App and NSString for iOS Apps.

EventID Event Fields
OfflineFolderAccessed
  • timestamp – the UNIX epoch timestamp of the event
  • action – which action took place:
    • expired – offline key has expired
    • noSecret – user tried to access a file in the offline folder without providing offline secret
    • accessNoLocalAuth – the user was granted access with saved secret without local authentication
    • pincode – the user was granted access with local authentication by Pincode

iOS

How to enable Appdome’s offline access to the app’s files: 

    NSString* onlineToken = @“myonlinetoken";

    NSString* offlineToken = @“myofflinetoken";

    NSMutableDictionary *userInfo = [[NSMutableDictionary alloc] init];

    [userInfo setObject: onlineToken forKey: @"onlineSecret"];

    [userInfo setObject: offlineToken forKey: @"offlineSecret"];

How to Follow and Receive Appdome DEV-Events: 

    [[NSNotificationCenter defaultCenter] postNotificationName:@"AppdomeOfflineSetProfile" object:nil userInfo: userInfo]; 
[[NSNotificationCenter defaultCenter] addObserverForName: @"OfflineFolderAccessed" object:nil queue:[NSOperationQueue mainQueue] usingBlock:^(NSNotification *note) {
        NSString *action = [[note userInfo] objectForKey:@"action"];// expired, noSecret, accessNoLocalAuth or accessPincode
        NSString *timestamp = [[note userInfo] objectForKey:@"timestamp"];// UNIX timestamp when event happened
    }];

NEED HELP?

let's solve it together

DafnaMaking your security project a success!
By filling out this form, you opt-in to recieve emails from us.