On Windows Mobile Professional, Hybrid Web Container files are stored unencrypted on the device’s file system, and Hybrid Web Container settings are stored unencrypted in the device’s registry.
Hybrid Web Container files include all the files contained in the <hybrid_app_name>.zip that is deployed to the device, including all HTML, JavaScript, CSS, and any other files that may be included as part of the Hybrid App zip package. These are all stored unencrypted on the file system of the device.
Images are stored unencrypted on the file system, then removed when the Hybrid App closes.
The results of online requests that are specified to be cached are stored unencrypted on the device’s file system. Cached results are removed when the Hybrid Web Container is unassigned from the device, or uninstalled from the server.
Server notifications are stored unencrypted in the Inbox database of the device (the same database that houses the device’s regular e-mail messages). When the notification is acted upon, the JavaScript makes a request for the notification contents. This is read from the Inbox database and passed to the browser in memory. If you are not using Afaria Security Manager, the Windows Mobile Inbox database must be secured.
When the device has no network connectivity, and the user submits a Hybrid App for the server to process, the data destined for the server is queued up on the device. The contents of this queue are stored in an unencrypted SQLite database.