On iOS devices, all mobile workflow files, and extra data entered by the user or retrieved from the server, are stored in a SQLite database that uses the SQLite Encryption Extensions (AES-128).
Mobile workflow files include all the files contained in the <workflow_package_name>.zip that is deployed to the device, including all HTML, JavaScript, CSS, and any other files that may be included as part of the Workflow zip package. When the iOS device's browser control requests these Web files, they are read from the encrypted SQLite database and passed to the browser control into memory, which means there are no temp files.
Attachments that are downloaded using an online request that uses an object query are stored unencrypted in the mobile workflow’s sandbox for the file viewers to display them. Once the mobile workflow application closes, these temporary attachment files are removed immediately.
The results of online requests that are specified to be cached are stored in the encrypted SQLite Database. Cached results are removed when the mobile workflow package is unassigned from the device, or uninstalled from the server.
Notifications from the server are stored in the same encrypted SQLite database, including the payload that makes up the notification. When the notification is acted upon, the JavaScript makes a request for the notification contents. This is read from the SQLite database and passed to the browser in memory.
When the device has no network connectivity, and the user submits a Workflow for the server to process, the data destined for the server is queued up on the device. This queue is again part of the encrypted SQLite database.