Starmind Mobile - Security Consideration

Authentication

To authenticate the user, the mobile app uses a one-time password that is embedded in a QR code shown in the web user interface. The Mobile App is therefore authenticated without directly going through the Single Sign-On process, and once a device is linked its access no longer depends on the SSO login. For this reason it is important to delete the accounts of employees who have left the company.
For proper user management, we recommend an automated synchronisation of users via User Sync (Starmind User Sync). If no User Sync is implemented, the mobile app can access Starmind until the user is deleted manually in the application.
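The following is an added illustrative model of the account-lifecycle point made above; it is not Starmind's code and does not describe the product's internals. It assumes a hypothetical server-side store in which a QR one-time password is redeemed exactly once within a five-minute window (OTP_TTL_SECONDS is an assumed value) for a long-lived device token, and shows that disabling the user's SSO login leaves that token valid, while deleting the account (here via a user_sync() routine driven by a constructed list of active HR users) revokes it.

```python
"""Illustrative model (not Starmind's code): QR one-time password enrolment of a
mobile device and why only account deletion, not an SSO change, ends its access."""
import hmac
import secrets
from dataclasses import dataclass, field

OTP_TTL_SECONDS = 300  # assumption: the QR one-time password is valid for five minutes


@dataclass
class Otp:
    user_id: str
    issued_at: int
    used: bool = False


@dataclass
class Directory:
    """Toy server-side state: accounts, SSO status, outstanding OTPs, device tokens."""
    users: set = field(default_factory=set)
    sso_enabled: dict = field(default_factory=dict)
    otps: dict = field(default_factory=dict)           # otp value -> Otp
    device_tokens: dict = field(default_factory=dict)  # device token -> user_id

    def create_user(self, user_id):
        self.users.add(user_id)
        self.sso_enabled[user_id] = True

    def issue_qr_otp(self, user_id, now):
        """Issued to a user who is signed in via SSO in the web UI; this value is what the QR code carries."""
        if user_id not in self.users or not self.sso_enabled.get(user_id):
            raise PermissionError("user must be active and signed in to obtain a QR code")
        code = secrets.token_urlsafe(16)
        self.otps[code] = Otp(user_id, now)
        return code

    def _find_otp(self, code):
        # Constant-time comparison so a guessing client cannot learn a valid prefix from timing.
        for stored, otp in self.otps.items():
            if hmac.compare_digest(stored.encode(), code.encode()):
                return otp
        return None

    def enrol_device(self, code, now):
        """The mobile app scans the QR code: the OTP is redeemed once, inside its TTL, for a device token."""
        otp = self._find_otp(code)
        if otp is None or otp.used or now - otp.issued_at > OTP_TTL_SECONDS:
            return None
        otp.used = True
        token = secrets.token_urlsafe(32)
        self.device_tokens[token] = otp.user_id
        return token

    def mobile_request_allowed(self, token):
        """What the mobile API checks: a device token that still maps to an existing account.
        The SSO status of the user is deliberately not part of this check."""
        return self.device_tokens.get(token) in self.users

    def disable_sso(self, user_id):
        self.sso_enabled[user_id] = False

    def delete_user(self, user_id):
        self.users.discard(user_id)
        self.sso_enabled.pop(user_id, None)
        self.device_tokens = {t: u for t, u in self.device_tokens.items() if u != user_id}


def user_sync(directory, hr_active_users):
    """Automated User Sync: delete every account missing from the HR system's active list.
    Returns the IDs that were removed."""
    stale = sorted(directory.users - set(hr_active_users))
    for user_id in stale:
        directory.delete_user(user_id)
    return stale


def demo():
    """Walk a leaver through the lifecycle and report (access after SSO disable, access after sync, removed)."""
    d = Directory()
    d.create_user("alice")
    code = d.issue_qr_otp("alice", now=1000)
    token = d.enrol_device(code, now=1010)
    assert d.enrol_device(code, now=1011) is None    # the OTP is single-use
    d.disable_sso("alice")                           # leaver: SSO login revoked ...
    after_sso_disable = d.mobile_request_allowed(token)  # ... but the phone still gets in
    removed = user_sync(d, hr_active_users=[])       # User Sync deletes the orphaned account
    after_sync = d.mobile_request_allowed(token)
    return after_sso_disable, after_sync, removed


if __name__ == "__main__":
    print(demo())
```

The model makes the operational point concrete: without User Sync, the leaver's device token in demo() stays valid indefinitely, and only a manual deletion of the account would have the same effect as user_sync().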

Public Availability

As the Mobile App is available in the Apple App Store and on Google Play, employees can download it and link their Starmind account to a private device. A security policy (e.g. a password policy) often cannot be enforced on private devices.

Cache

The Starmind app keeps a local cache to support offline functionality, i.e. reading stored questions and solutions. The cache uses encrypted storage if the phone provides it. If a device is lost or stolen, this data could in principle be read by third parties when the device itself is not protected, i.e. not encrypted.

3rd Party Services

The data contained in push notifications is sent via the OneSignal service (https://onesignal.com/) as well as via Google and Apple servers. The fields of the example payload below (headings, subtitle, contents and data) are therefore visible to these services.

Example Push Notification

{
    "app_id": "75336e93-6a37-485f-b07f-0c03f8f263af",
    "include_player_ids": ["448d05c5-82ad-47e4-b433-605ff828b4bf"],
    "headings": {
        "en": "English Title",
        "de": "German Title"
    },
    "subtitle": {
        "en": "English Subtitle",
        "de": "German Subtitle"
    },
    "contents": {
        "en": "English Message",
        "de": "German Message"
    },
    "ios_badgeType": "SetTo",
    "ios_badgeCount": 1000,
    "data": {
        "target_type": "user_score",
        "target_id": "1000"
    }
}

Enforced Security

For environments that demand a higher level of security, it is possible to enforce a screen lock (PIN, fingerprint, pattern, etc.) and encrypted storage. If a device does not provide these features, the app will not connect to Starmind.