Security Features Implemented for CMO Mobile App and Changes Made
Security Features Implemented for CMO Mobile App and Changes Made
This document provides you with the information on changes made to security features implemented in mobile application for both iOS and Android.
For Android
|
S.No |
Implementation |
Changes |
Release Version |
|
1 |
App compatible for API level 29 (Android Oreo) |
Made changes to make the mobile application compatible for API level 29. |
R2006 |
|
2 |
Enabled application backup |
This functionality is disabled. |
R2110 |
|
3 |
Access to external data storage |
Now the user cannot add executable files as attachment except audio, video, image, pdf, doc files. |
R2110 |
|
4 |
Tap Jacking |
Restricted the tap jacking process by other apps. |
R2202 |
|
5 |
Implemented AES 256 encryption |
Upgraded this to AES GCM No Padding encryption in v18 as the former encryption poses a weak encryption type. |
R2207 |
For iOS
|
S.No |
Implementation |
Changes |
Release Version |
|
1 |
Keychain implementation |
To save sensitive data. |
R2010 |
|
2 |
Implemented AES 256 encryption |
Upgraded this to AES GCM No Padding encryption in v18 as the former encryption poses a weak encryption type.
Changed From: URL : Client Server URL + “Authorize” Params : login - > username password -> encrypted Password companyId -> companyID UseAesCryptoProvider -> true (AES256 Encryption)
Changed To: URL : Client Server URL + "authorization/authorize” Params : login - > username password -> encrypted Password companyId -> companyID UseAesCryptoProvider -> false (AES GCM no padding Encryption) |
R2207 |
Here are some interesting things about...