On Windows Mobile Professional, mobile workflow files are stored unencrypted on the device’s file system, and mobile workflow Settings are stored unencrypted in the device’s registry.
Mobile workflow files include all the files contained in the <workflow_package_name>.zip that is deployed to the device, including all HTML, JavaScript, CSS, and any other files that may be included as part of the Workflow zip package. These are all stored unencrypted on the file system of the device.
The results of online requests that are specified to be cached are stored unencrypted on the device’s file system. Cached results are removed when the mobile workflow package is unassigned from the device, or uninstalled from the server.
Server notifications are stored unencrypted in the Inbox database of the device (the same database that houses the device’s regular e-mail messages). When the notification is acted upon, the JavaScript makes a request for the notification contents. This is read from the Inbox database and passed to the browser in memory. If you are not using Afaria Security Manager, the Windows Mobile Inbox database must be secured.
When the device has no network connectivity, and the user submits a Workflow for the server to process, the data destined for the server is queued up on the device. The contents of this queue are stored in an unencrypted SQLite database.