An application that implements a login screen is considered to be secure. Mobile application developers are responsible for creating login screens for the applications they create. A login screen allows the device user to enter a passcode to unlock the data vault. The data vault acts as the local repository of sensitive data.
The data vault holds sensitive artifacts securely, because all data or artifacts in the data vault is strongly encrypted. Contents can include encryption keys, user and application login credentials, sync profile settings, certificates (as BLOBS).
A secure application that uses a login screen:
- Prompts the user to enter the datavault passcode to open the application and get access to the local client database. If the wrong passcode is used, the application is rendered useless: the key that encrypts and decrypts data in the vault cannot be used to access data until this code is accurately entered.
After a certain amount of time passes, the login in screen can be redeployed to prompt the user to re-enter the passcode.
- Can be locked out after a configured number of retries.
- Can self-destruct after a set number of incorrect passcode attempts.
When this occurs, the device user must uninstall, reinstall, then perform an initial sync to recover from a destroyed data vault.
For more information on the data vault, see the Developer Guide for your device type.