Mobile Security
This page addresses Blueprint Supplement Gap B2.4: "Incomplete mobile security." The original specification mentioned mobile support but did not detail the security hardening required for a mobile application handling sensitive coaching data. This page provides the comprehensive mobile security specification.
The ReGenesis mobile app handles deeply personal coaching data on user devices — which introduces security risks that do not exist in a purely web-based deployment. This specification covers every aspect of mobile security from authentication to data encryption to jailbreak detection.
Mobile Security Posture
| Security Layer | Control | Status |
|---|---|---|
| Authentication | Biometric + PIN + MFA | Specified |
| Local Data Encryption | SQLCipher (AES-256-CBC) | Specified |
| Jailbreak/Root Detection | Multi-signal detection | Specified |
| MDM Compatibility | Intune, MobileIron, VMware WS1 | Specified |
| Push Notifications | No content in push payloads | Specified |
| Screenshot Prevention | FLAG_SECURE (Android) / screen capture prevention (iOS) | Specified |
| App Attestation | Play Integrity API + DeviceCheck | Specified |
| Certificate Pinning | SHA-256 pin with backup pins | Specified |
| Forced Updates | Minimum version enforcement | Specified |
| Crash Log Scrubbing | PII removal from crash reports | Specified |
Enterprise MDM Requirements
Enterprise clients deploying ReGenesis to managed devices expect MDM compatibility. The platform supports:
- Microsoft Intune: App protection policies, conditional access
- MobileIron: AppConnect containerization
- VMware Workspace ONE: App wrapping, tunnel
- Custom MDM: Standard MAM SDK integration points
Why This Matters
A single compromised mobile device could expose months of deeply personal coaching data. Mobile security is not a feature — it is a prerequisite for enterprise deployment.
What the Mobile App Stores Locally
The mobile app caches a limited set of data for offline access:
| Data Type | Cached | Encrypted | Max Size |
|---|---|---|---|
| Approved session summaries | Yes | SQLCipher | 10 MB |
| Action items | Yes | SQLCipher | 2 MB |
| Evidence packs (L0 only) | Yes | SQLCipher | 5 MB |
| User profile | Yes | SQLCipher | 1 MB |
| Session schedule | Yes | SQLCipher | 2 MB |
| Raw transcripts | NO | N/A | N/A |
| Recordings | NO | N/A | N/A |
| Coach-only notes | NO | N/A | N/A |
| AI intermediate data | NO | N/A | N/A |
Key rule: Raw transcripts and recordings are NEVER stored on mobile devices. Only approved, curated content is cached locally.
Authentication Flow
- First login: Username/password + MFA (TOTP authenticator)
- Biometric enrollment: After first login, user can enable Face ID / Touch ID / fingerprint
- Subsequent logins: Biometric + optional PIN
- Session management: JWT with 30-minute access token, 7-day refresh token stored in Keychain/KeyStore
- Background re-auth: If the app is backgrounded for >5 minutes, biometric re-auth is required
- Offline: Limited cached data available for up to 24 hours without server contact
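The six rules above combine into one decision the app must make before every screen render or API call. The following TypeScript is an added example (not ReGenesis code) of a single policy function that applies them in order of severity; the state shape, the decision names and the rule that the token timestamps are kept alongside the tokens in Keychain/KeyStore are assumptions made for this example.

```typescript
// Added example: session policy evaluator for the authentication flow.
// Assumptions (not from the spec): SessionState field names, the decision
// names, and that token issue times are stored next to the tokens by the
// native Keychain/KeyStore module.

export const ACCESS_TOKEN_TTL_MS = 30 * 60 * 1000;             // 30-minute access token
export const REFRESH_TOKEN_TTL_MS = 7 * 24 * 60 * 60 * 1000;   // 7-day refresh token
export const BACKGROUND_REAUTH_MS = 5 * 60 * 1000;             // biometric re-auth after >5 min in background
export const OFFLINE_WINDOW_MS = 24 * 60 * 60 * 1000;          // cached data usable for 24 h without server contact

export interface SessionState {
  accessTokenIssuedAt: number;    // epoch ms
  refreshTokenIssuedAt: number;   // epoch ms
  lastServerContactAt: number;    // epoch ms of the last successful API call
  backgroundedAt: number | null;  // epoch ms when the app last went to background (null if never)
  biometricVerifiedAt: number;    // epoch ms of the last successful biometric/PIN check
  online: boolean;                // connectivity as reported by the platform
}

export type SessionDecision =
  | { action: "proceed" }
  | { action: "refresh_access_token" }
  | { action: "biometric_reauth"; reason: "backgrounded" }
  | { action: "full_login"; reason: "refresh_expired" | "offline_window_exceeded" };

export function evaluateSession(s: SessionState, now: number): SessionDecision {
  // 1. The refresh token lifetime is the hard ceiling: past 7 days it is
  //    username/password + MFA again, regardless of anything else.
  if (now - s.refreshTokenIssuedAt > REFRESH_TOKEN_TTL_MS) {
    return { action: "full_login", reason: "refresh_expired" };
  }
  // 2. Offline: cached data is served for at most 24 h after the last server contact.
  if (!s.online && now - s.lastServerContactAt > OFFLINE_WINDOW_MS) {
    return { action: "full_login", reason: "offline_window_exceeded" };
  }
  // 3. Backgrounded for more than 5 minutes and not re-verified since: biometric first.
  //    Comparing timestamps (set when the app resigns active) instead of running a
  //    timer means the rule still holds when the OS suspends the process.
  if (
    s.backgroundedAt !== null &&
    now - s.backgroundedAt > BACKGROUND_REAUTH_MS &&
    s.biometricVerifiedAt < s.backgroundedAt
  ) {
    return { action: "biometric_reauth", reason: "backgrounded" };
  }
  // 4. Access token expired while the refresh token is still valid: silent refresh,
  //    which is only possible online. Offline, the cached data keeps being served
  //    until rule 2 closes the window.
  if (s.online && now - s.accessTokenIssuedAt > ACCESS_TOKEN_TTL_MS) {
    return { action: "refresh_access_token" };
  }
  return { action: "proceed" };
}
```

Because the checks are ordered, an expired refresh token always wins over a pending biometric prompt, so the app never asks for Face ID only to then demand a full login a moment later.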
What Happens on a Compromised Device
If the app detects that a device is jailbroken (iOS) or rooted (Android):
- All local data is immediately wiped (SQLCipher database deleted)
- Authentication tokens are revoked (both local and server-side)
- The app displays a security warning and blocks further use
- An audit log entry is created on the server
- The admin is notified (configurable per tenant)
This is not optional. Enterprise clients require this protection.
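The five response steps above have an ordering that matters: local data and tokens must go before any network call, so that a failed server request can never leave coaching data on the device. The following TypeScript is an added example (not ReGenesis code) of the decision and the response sequence in the JavaScript layer. The signal names, the strong/weak corroboration rule, the dependency interface and the offline queue are assumptions made for this example; the detection signals themselves come from the native Swift/Kotlin module and are not shown. Calls are written synchronously for readability; in React Native the native-module calls are promise-based and would be awaited in the same order.

```typescript
// Added example: compromised-device decision and response sequence.
// Assumptions (not from the spec): signal names and strong/weak weighting,
// the ResponseDeps interface, and the queued report for offline devices.

export interface IntegritySignal {
  name: string;                 // identifier reported by the native detection module
  strength: "strong" | "weak";  // how conclusive the signal is on its own
}

// Policy: one strong signal, or two distinct weak signals, marks the device as
// compromised. Requiring corroboration for weak signals avoids wiping months of
// cached data on a single false positive.
export function isCompromised(signals: IntegritySignal[]): boolean {
  const hasStrong = signals.some((s) => s.strength === "strong");
  const weakNames = new Set(signals.filter((s) => s.strength === "weak").map((s) => s.name));
  return hasStrong || weakNames.size >= 2;
}

export interface CompromiseReport {
  event: "device_compromised";
  signals: string[];
  detectedAt: number; // epoch ms
}

export interface ResponseDeps {
  deleteDatabase(): void;                        // remove the SQLCipher database file (native)
  clearTokens(): void;                           // purge access/refresh tokens from Keychain/KeyStore (native)
  reportToServer(r: CompromiseReport): boolean;  // server revokes the session, writes the audit entry and
                                                 // notifies the admin per tenant config; false if unreachable
  queueReport(r: CompromiseReport): void;        // persisted outside the wiped database, retried on next connectivity
  blockApp(): void;                              // show the security warning and disable navigation
}

export function respondToCompromise(
  signals: IntegritySignal[],
  deps: ResponseDeps,
  now: number,
): CompromiseReport | null {
  if (!isCompromised(signals)) return null;
  const report: CompromiseReport = {
    event: "device_compromised",
    signals: signals.map((s) => s.name).sort(),
    detectedAt: now,
  };
  deps.deleteDatabase(); // 1. local data first: nothing sensitive may survive a failed network step
  deps.clearTokens();    // 2. local tokens next
  if (!deps.reportToServer(report)) {
    deps.queueReport(report); // 3. server-side revoke + audit + admin notification, queued if offline
  }
  deps.blockApp();       // 4. security warning, further use blocked
  return report;
}

// In-memory recording implementation: constructed sample wiring so the sequence
// can be exercised without a device or server.
export function makeRecordingDeps(serverReachable: boolean): ResponseDeps & { calls: string[] } {
  const calls: string[] = [];
  return {
    calls,
    deleteDatabase: () => { calls.push("deleteDatabase"); },
    clearTokens: () => { calls.push("clearTokens"); },
    reportToServer: () => { calls.push("reportToServer"); return serverReachable; },
    queueReport: () => { calls.push("queueReport"); },
    blockApp: () => { calls.push("blockApp"); },
  };
}
```

The queued report is the one piece of state that must survive the wipe: it is written somewhere other than the SQLCipher database, so the server-side revocation and audit entry still happen the next time the device has connectivity.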
Push Notification Design
Push notifications NEVER contain coaching content. Examples:
Good (what the platform sends):
- "You have new insights to review" (no specifics)
- "Upcoming coaching session in 30 minutes" (no details about what will be discussed)
- "Action item reminder" (no content of the action item)
Bad (what the platform NEVER sends):
- "Insight: You show a pattern of avoiding delegation"
- "Session with [name] at [time] to discuss [topic]"
- "Coach notes: Client expressed anxiety about..."
The notification is a pointer. The user must authenticate and open the app to see content.
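The cleanest way to guarantee that a push payload is only a pointer is to make it impossible to build one any other way: the server side chooses from a fixed set of content-free templates and the send path rejects anything that does not match them. The following TypeScript is an added example (not ReGenesis code) of such a builder and validator; the notification kinds, field names and the hex-id rule for resource identifiers are assumptions made for this example.

```typescript
// Added example: server-side push payload builder and send-boundary validator.
// Assumptions (not from the spec): PushKind names, payload field names, and
// the rule that resource ids are opaque hex strings.

export type PushKind = "insights_ready" | "session_reminder" | "action_item_reminder";

// Every kind maps to a fixed, content-free message. The only variable part is a
// timing hint; names, topics and insight text never reach the template.
const TEMPLATES: Record<PushKind, (minutesUntil?: number) => string> = {
  insights_ready: () => "You have new insights to review",
  session_reminder: (m) => `Upcoming coaching session in ${m ?? 30} minutes`,
  action_item_reminder: () => "Action item reminder",
};

// Approved bodies as patterns, so the validator can recognise a template output
// without re-running the builder.
const APPROVED_BODIES: RegExp[] = [
  /^You have new insights to review$/,
  /^Upcoming coaching session in \d{1,3} minutes$/,
  /^Action item reminder$/,
];

// Constructed constraint: a resource id is opaque hex, so a slug such as
// "session-with-jane" can never be smuggled in as a "reference".
const OPAQUE_ID = /^[0-9a-f]{8,64}$/;

export interface PushPayload {
  title: string;
  body: string;
  data: { kind: PushKind; resourceId: string }; // resolved by the app only after authentication
}

export function buildPush(kind: PushKind, resourceId: string, minutesUntil?: number): PushPayload {
  if (!OPAQUE_ID.test(resourceId)) {
    throw new Error("resourceId must be an opaque identifier, not content");
  }
  return { title: "ReGenesis", body: TEMPLATES[kind](minutesUntil), data: { kind, resourceId } };
}

// Defensive check at the send boundary. Catches payloads assembled elsewhere, a
// body edited by hand, or an extra field such as a "preview" added for one
// feature. Returns the list of violations; an empty list means safe to send.
export function validatePush(payload: unknown): string[] {
  const problems: string[] = [];
  if (typeof payload !== "object" || payload === null) return ["payload is not an object"];
  const p = payload as Record<string, unknown>;

  const allowedTop = new Set(["title", "body", "data"]);
  for (const k of Object.keys(p)) if (!allowedTop.has(k)) problems.push(`unexpected field: ${k}`);

  if (p.title !== "ReGenesis") problems.push("title must be the app name only");
  if (typeof p.body !== "string" || !APPROVED_BODIES.some((re) => re.test(p.body as string))) {
    problems.push("body is not an approved content-free template");
  }

  const data = p.data;
  if (typeof data !== "object" || data === null) {
    problems.push("data missing");
  } else {
    const d = data as Record<string, unknown>;
    const allowedData = new Set(["kind", "resourceId"]);
    for (const k of Object.keys(d)) if (!allowedData.has(k)) problems.push(`unexpected data field: ${k}`);
    if (!(typeof d.kind === "string" && d.kind in TEMPLATES)) problems.push("unknown kind");
    if (typeof d.resourceId !== "string" || !OPAQUE_ID.test(d.resourceId)) problems.push("resourceId is not opaque");
  }
  return problems;
}
```

Running validatePush as the last step before the payload is handed to APNs/FCM means a regression anywhere upstream fails loudly in staging rather than leaking a coaching insight onto a lock screen.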
Screenshot and Clipboard Prevention
- iOS: The app prevents screenshots of sensitive screens using the UITextField overlay technique and WillResignActive handling
- Android: FLAG_SECURE is set on all activities displaying coaching content
- Clipboard: Sensitive text fields disable copy/paste. The clipboard is cleared when the app backgrounds.
Forced Updates
When a security patch is released:
- The server sends a minimum version requirement
- If the app version is below minimum, a blocking update screen appears
- The user must update before they can continue
- Grace period: 72 hours for non-critical updates, 0 hours for security patches
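The four steps above reduce to a version comparison plus a grace-period clock. The following TypeScript is an added example (not ReGenesis code) of the client-side gate; the shape of the server's minimum-version response and the allow/warn/block outcome names are assumptions made for this example.

```typescript
// Added example: client-side forced-update gate.
// Assumptions (not from the spec): the MinimumVersionPolicy response shape and
// the "allow" | "warn" | "block" outcome names.

export interface MinimumVersionPolicy {
  minimumVersion: string;   // dotted numeric version, e.g. "2.4.1"
  securityPatch: boolean;   // true => zero grace period
  publishedAt: number;      // epoch ms when this minimum took effect (server clock)
}

export type UpdateGate =
  | { decision: "allow" }
  | { decision: "warn"; graceEndsAt: number }
  | { decision: "block"; reason: "security_patch" | "grace_expired" };

export const NON_CRITICAL_GRACE_MS = 72 * 60 * 60 * 1000; // 72 hours

// Numeric, segment-wise comparison ("2.10.0" > "2.4.1"). Non-numeric segments are
// rejected so a malformed server response cannot silently pass as "newer".
export function compareVersions(a: string, b: string): number {
  const parse = (v: string): number[] =>
    v.split(".").map((seg) => {
      if (!/^\d+$/.test(seg)) throw new Error(`invalid version segment: ${seg}`);
      return parseInt(seg, 10);
    });
  const pa = parse(a);
  const pb = parse(b);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const x = pa[i] ?? 0; // missing trailing segments count as 0, so "1.2" == "1.2.0"
    const y = pb[i] ?? 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

export function evaluateUpdateGate(installed: string, policy: MinimumVersionPolicy, now: number): UpdateGate {
  if (compareVersions(installed, policy.minimumVersion) >= 0) return { decision: "allow" };
  // Security patches get no grace period: block immediately.
  if (policy.securityPatch) return { decision: "block", reason: "security_patch" };
  const graceEndsAt = policy.publishedAt + NON_CRITICAL_GRACE_MS;
  if (now >= graceEndsAt) return { decision: "block", reason: "grace_expired" };
  return { decision: "warn", graceEndsAt };
}
```

The `now` argument is deliberately a parameter rather than `Date.now()`: the grace window is measured against the server's publishedAt, and a device whose clock has been set back would otherwise extend a 72-hour grace period indefinitely. Passing a server-supplied time (for example from the same response that carries the policy) closes that gap.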
Mobile Security Architecture
A jailbroken/rooted device cannot be trusted. All local data is wiped immediately upon detection. This is non-negotiable for enterprise deployments handling sensitive personal data. The wipe is logged server-side and the admin is notified.
The ReGenesis mobile app explicitly excludes its data directory from iCloud/Google Drive backup. Cached coaching data must never appear in a cloud backup where it could be restored to a different device without authentication.
The mobile app is built with React Native for cross-platform development. All security features described above use native modules (Swift/Kotlin) for the security-critical paths. Pure JavaScript is never used for cryptographic operations or device integrity checks.