Youreka Mobile Security Overview
Note: There are two versions of this article: one for the old mobile app, available until mid-2023, and one for the new mobile app, available starting October 2022. This version is intended for users of the old Youreka Mobile app. To access the article for the new mobile app, click here.
Youreka’s mobile application for iOS and Android leverages the Salesforce Mobile SDK. The Salesforce Mobile SDK contains components that handle authentication (OAuth 2.0) and SmartStore, which provides secure, encrypted local storage of data on the mobile device.
Authentication Process (OAuth 2.0)
First Time Authorization Flow
- User opens a Mobile SDK app.
- A Salesforce authentication prompt appears.
- User enters a Salesforce username and password.
- The app sends the user’s credentials to Salesforce and, in return, receives a session ID as confirmation of successful authentication.
- User approves the app’s request to grant access to the app.
- The app starts.
Ongoing Authorization
- User opens a mobile app.
- If the session ID is active, the app starts immediately. If the session ID is stale, the app uses the refresh token from its initial authorization to get an updated session ID.
- The app starts.
Note: Single sign-on is also possible.
SmartStore
Youreka utilizes the Salesforce Mobile SDK to manage authentication and the Salesforce encrypted storage solution, SmartStore. SmartStore’s database is encrypted via SQLCipher using 256-bit AES (CBC mode, with PBKDF2 key derivation). Upon logout, all local data is destroyed.
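The ongoing authorization steps and the wipe on logout described above, modeled with both sides of the exchange. This is an added example, not code from Youreka or the Salesforce Mobile SDK: `TokenService`, `App`, the explicit `now` clock and the handling of a failed refresh as a logout are assumptions made for illustration.

```python
import secrets

class TokenService:
    """Constructed in-memory stand-in for the OAuth 2.0 token endpoint."""
    def __init__(self, session_ttl):
        self.session_ttl = session_ttl
        self.sessions = {}            # session ID -> expiry time
        self.refresh_tokens = set()   # refresh tokens that are still valid

    def authorize(self, now):
        # First-time flow: the user has logged in and approved the app.
        rt = secrets.token_urlsafe(32)
        self.refresh_tokens.add(rt)
        return self.refresh(rt, now), rt

    def refresh(self, refresh_token, now):
        if refresh_token not in self.refresh_tokens:
            raise PermissionError("refresh token revoked or unknown")
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = now + self.session_ttl
        return sid

    def is_active(self, sid, now):
        return self.sessions.get(sid, 0) > now

    def revoke(self, refresh_token):
        self.refresh_tokens.discard(refresh_token)

class App:
    """Client side: holds the session ID, the refresh token and local data."""
    def __init__(self, service):
        self.service, self.session_id, self.refresh_token = service, None, None
        self.local_data = {}          # stands in for the encrypted local store

    def first_login(self, now):
        self.session_id, self.refresh_token = self.service.authorize(now)

    def open(self, now):
        if self.refresh_token is None:
            return "login required"
        if self.service.is_active(self.session_id, now):
            return "started"          # active session: start immediately
        try:                          # stale session: trade refresh token for a new ID
            self.session_id = self.service.refresh(self.refresh_token, now)
            return "started after refresh"
        except PermissionError:
            self.logout()             # assumption: a failed refresh is treated as logout
            return "login required"

    def logout(self):
        self.service.revoke(self.refresh_token)
        self.session_id = self.refresh_token = None
        self.local_data.clear()       # logout destroys all local data
```

The refresh token is the long-lived credential in this flow: once it is revoked on the server side, the next stale session cannot be renewed and the user has to authenticate again.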