Part 1: Mobile Security Architecture
| Item | Content |
|---|---|
| Document Name | Part 1: Mobile Security Architecture |
| Product Name | DTA Wide Sleep Management Platform |
| Date | 2026-02-10 |
| Scope | Part 1 (Mobile App) |
1. Mobile Security Overview
Objective: Protect sensitive data at device level, establish secure communication, detect malicious behavior
Supported Platforms:
- iOS 18.0+ (Swift, SwiftUI, Tuist build system)
- Android: [TODO: Android implementation planned]
2. Sensitive Data Storage Policy
2.1 Storage Types and Security Controls
| Data Type | iOS Storage | Android Storage | Encryption Method | Access Control |
|---|---|---|---|---|
| Authentication Token (JWT) | Keychain | [TODO: Android implementation planned] | iOS: Keychain hardware encryption | kSecAttrAccessibleAfterFirstUnlock |
| Password (Local Cache) | Keychain | [TODO: Android implementation planned] | iOS: Keychain hardware encryption | Same |
| PIN Code Hash | Keychain | [TODO: Android implementation planned] | iOS: SHA256 hash then Keychain storage (an unsalted SHA-256 of a 4-6 digit PIN enumerates in well under a second once the hash leaks, so the Keychain access control, not the hash, is the effective protection) | Same |
| Sleep Log (App Data) | Core Data (WideDataModel.sqlite) | [TODO: Android implementation planned] | iOS default File Protection [TODO: explicit configuration needed] | App exclusive |
| Questionnaire Response (App Data) | Core Data | [TODO: Android implementation planned] | iOS default File Protection [TODO: explicit configuration needed] | App exclusive |
| User Settings (Non-sensitive) | UserDefaults | [TODO: Android implementation planned] | None | App exclusive (Device UUID cache only) |
| Cache Data | NSCache (Memory) | [TODO: Android implementation planned] | None | App exclusive, in-memory (countLimit: 100) |
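One way to close the "explicit configuration needed" TODO for the Core Data rows above, as an added example that is not the project's code. The container name follows the `WideDataModel.sqlite` store named in the table; the choice of protection class is an assumption and must be matched against whether any background task has to read the store while the device is locked.

```swift
import CoreData
import Foundation

/// Added example, not the project's code: explicit Data Protection on the
/// Core Data SQLite store. Model name follows WideDataModel.sqlite; the
/// protection class is an assumption (see comment below).
func makeProtectedContainer() -> NSPersistentContainer {
    let container = NSPersistentContainer(name: "WideDataModel")
    guard let store = container.persistentStoreDescriptions.first else {
        fatalError("No persistent store description")
    }
    // .complete: the file key is unavailable whenever the device is locked.
    // Use .completeUntilFirstUserAuthentication instead if a background task
    // (e.g. an upload of sleep logs) must read the store while locked.
    store.setOption(FileProtectionType.complete as NSObject,
                    forKey: NSPersistentStoreFileProtectionKey)
    container.loadPersistentStores { _, error in
        if let error = error { fatalError("Store load failed: \(error)") }
    }
    return container
}

/// Verification hook (e.g. for a debug screen or a UI test): returns the
/// protection class the file system actually applied to the store file.
func storeProtectionClass(_ container: NSPersistentContainer) throws -> String? {
    guard let url = container.persistentStoreCoordinator.persistentStores.first?.url else {
        return nil
    }
    let attributes = try FileManager.default.attributesOfItem(atPath: url.path)
    let value = attributes[.protectionKey]
    // Foundation may surface the value as FileProtectionType or as its raw String
    return (value as? FileProtectionType)?.rawValue ?? (value as? String)
}
```

The `-wal` and `-shm` journal files that SQLite keeps beside the store should be inspected with the same helper, since sleep-log rows written recently live there before a checkpoint.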
2.2 Keychain/Keystore Implementation
Keychain Storage Data:
- Authentication tokens (`LiveSleepQDENetworkManager+AppToken+KeyChain.swift`)
- Login credentials (`LiveAuthManager+UserLoginCredential.swift`)
- PIN code hash (`LiveAuthManager+UserPINCode.swift`)
- Device UUID (`Config.swift`)
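The Keychain write, read and delete path used for the items above, as an added example that is not the project's `KeyChainWrapper.swift`. It defaults to `kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly`: that keeps the property of the class the project uses (`kSecAttrAccessibleAfterFirstUnlock`, readable by a background token refresh after the first unlock) but additionally keeps the item out of backups, so it never migrates to another device. The service name and account keys are assumptions.

```swift
import Foundation
import Security

/// Added example, not the project's KeyChainWrapper.swift: generic-password
/// items under one service name, one account key per secret.
enum KeychainStore {
    enum KeychainError: Error {
        case itemNotFound
        case unexpectedStatus(OSStatus)
    }

    /// Assumed service identifier for this example
    static let service = "com.example.sleepapp"

    private static func baseQuery(account: String) -> [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: account]
    }

    /// Store or overwrite a secret. The accessibility class decides when the
    /// class key needed to decrypt the item is available: AfterFirstUnlock
    /// allows a background refresh while the device is locked (and the item
    /// stays readable until reboot); the ThisDeviceOnly variant additionally
    /// excludes the item from backups.
    static func set(_ value: Data, account: String,
                    accessibility: CFString = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly) throws {
        var query = baseQuery(account: account)
        // Remove any previous item so SecItemAdd does not fail with errSecDuplicateItem
        _ = SecItemDelete(query as CFDictionary)
        query[kSecValueData as String] = value
        query[kSecAttrAccessible as String] = accessibility
        let status = SecItemAdd(query as CFDictionary, nil)
        guard status == errSecSuccess else { throw KeychainError.unexpectedStatus(status) }
    }

    static func get(account: String) throws -> Data {
        var query = baseQuery(account: account)
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var result: AnyObject?
        let status = SecItemCopyMatching(query as CFDictionary, &result)
        switch status {
        case errSecSuccess:
            guard let data = result as? Data else { throw KeychainError.unexpectedStatus(status) }
            return data
        case errSecItemNotFound:
            throw KeychainError.itemNotFound
        default:
            throw KeychainError.unexpectedStatus(status)
        }
    }

    /// Used on logout: a missing item is not an error
    static func delete(account: String) throws {
        let status = SecItemDelete(baseQuery(account: account) as CFDictionary)
        guard status == errSecSuccess || status == errSecItemNotFound else {
            throw KeychainError.unexpectedStatus(status)
        }
    }
}

// Usage (account names are assumptions):
// try KeychainStore.set(Data(refreshToken.utf8), account: "appToken.refresh")
// let refresh = String(decoding: try KeychainStore.get(account: "appToken.refresh"), as: UTF8.self)
// try KeychainStore.delete(account: "appToken.refresh")
```

Items stored without a `ThisDeviceOnly` class are included in encrypted backups and restored onto a replacement device; for the login credential and refresh token that is usually not wanted, so the default above is the stricter choice.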
Android Keystore:
[TODO: Android implementation planned]
Android Keystore implementation will be added during Android app development
- Android Keystore (AES-256-GCM, StrongBox)
- EncryptedSharedPreferences
- Expected implementation: Kotlin + AndroidX Security
2.3 Encryption Compliance Mapping (O.Cryp_2~5)
iOS Encryption Layer Architecture:
3. Local Cache and Logging Policy
3.1 Cache Policy
| Cache Type | Retention Period | Encryption | Auto-delete Condition |
|---|---|---|---|
| API response cache | 1 hour | ❌ None (sensitive data excluded) | App termination, memory shortage |
| Image cache | 7 days | ❌ None | LRU algorithm |
| Login session | 30 days | ✅ Keychain/Keystore | Logout, token expiration |
Sensitive Data Caching Prohibited:
- Password (never cached anywhere other than the Keychain credential item listed in Section 2.1)
- Medical data originals (parse immediately from API response then discard)
- Other users' information
3.2 Logging Policy
Production Build:
- Log level: ERROR and above only (WARN, INFO, DEBUG disabled)
- Automatic sensitive information masking (email, tokens)
- Crash reporting: Firebase Crashlytics (production crash reporting)
Debug Build:
- Log level: DEBUG and above (all levels)
- Network request/response logging (developer tools)
- Sensitive information masking maintained
Log Storage Location:
- iOS: Xcode Console for `print` output (in-memory, not stored on device). Messages written through `os_log`/`Logger` are persisted by the unified logging store and collected by sysdiagnose, so masking must be applied before the call, not only at the console.
- Android: Logcat (in-memory ring buffer, not stored on device, but included in bug reports; the same masking rule applies)
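The masking the policy describes, as an added example that is not the project's logger: e-mail addresses and bearer tokens/JWTs are redacted before a message reaches `os.Logger`, which persists entries. The regular expressions, subsystem and category names are assumptions.

```swift
import Foundation
import os

/// Added example, not the project's logger: redacts e-mail addresses and
/// bearer tokens / JWTs before a message reaches any sink. Regexes, subsystem
/// and category are assumptions.
enum LogRedactor {
    private static let bearer = try! NSRegularExpression(
        pattern: #"(?i)bearer\s+[A-Za-z0-9\-._~+/]+=*"#)
    private static let jwt = try! NSRegularExpression(
        pattern: #"[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}"#)
    private static let email = try! NSRegularExpression(
        pattern: #"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"#)

    static func redact(_ message: String) -> String {
        var out = message
        // Bearer first, so the JWT rule does not leave "Bearer" plus a partial token behind
        out = replace(bearer, in: out) { _ in "Bearer [REDACTED]" }
        out = replace(jwt, in: out) { _ in "[REDACTED_JWT]" }
        out = replace(email, in: out) { match in
            // keep the first character so support can correlate reports
            "\(match.prefix(1))***@***"
        }
        return out
    }

    private static func replace(_ regex: NSRegularExpression, in text: String,
                                with transform: (String) -> String) -> String {
        var result = text
        let matches = regex.matches(in: text, range: NSRange(text.startIndex..., in: text))
        // Walk backwards so earlier UTF-16 offsets stay valid after each edit
        for m in matches.reversed() {
            guard let range = Range(m.range, in: result) else { continue }
            result.replaceSubrange(range, with: transform(String(result[range])))
        }
        return result
    }
}

/// Release build: only error level reaches the unified log; debug level is
/// compiled out. Every message passes through the redactor because os_log
/// entries are persisted on device and collected by sysdiagnose.
enum AppLog {
    private static let logger = Logger(subsystem: "com.example.sleepapp", category: "app")

    static func error(_ message: String) {
        logger.error("\(LogRedactor.redact(message), privacy: .public)")
    }

    static func debug(_ message: String) {
        #if DEBUG
        logger.debug("\(LogRedactor.redact(message), privacy: .public)")
        #endif
    }
}

// Usage:
// AppLog.error("401 for bob@example.com, Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI0MiJ9.c2lnbmF0dXJl")
```

In the usage line the whole `Bearer ...` value is replaced by the first rule and the address becomes `b***@***`, so the stored entry identifies the event but carries no credential. The `privacy: .public` marker is deliberate: the interpolated string is already redacted, and marking it private would only hide it from the developer while the raw secret would still never have been logged.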
4. Screen Protection
[TODO: Not Implemented] Screenshot blocking and background blur
Current Status: Only a user-initiated screenshot button (`ScreenshotButton.swift`) exists; system-level screenshot blocking and blur on app switching are not implemented.
Future Implementation Required:
- iOS: Observe `UIApplication.userDidTakeScreenshotNotification` and display a warning (iOS has no API to prevent screenshots; the notification is posted after the image has already been captured)
- iOS: Apply `UIBlurEffect` on `UIApplication.willResignActiveNotification` and remove it on `didBecomeActiveNotification`, so the app-switcher snapshot does not contain sleep or questionnaire data
- Android: Set `FLAG_SECURE` on the activity window, which makes the system itself refuse screenshots and blank the recents thumbnail (Android implementation)
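Both iOS items above in one SwiftUI modifier, as an added example that is not the project's code: the content is covered with a material blur while the app is inactive, so the app-switcher snapshot shows no sleep data, and a warning is shown after a screenshot. The alert text and the choice of material are assumptions.

```swift
import SwiftUI

/// Added example, not the project's code. iOS cannot block screenshots:
/// userDidTakeScreenshotNotification fires after the image is saved, so the
/// only possible reaction is a warning. The background cover, by contrast,
/// does protect the switcher snapshot because it is drawn before the system
/// captures it.
struct SensitiveContentProtection: ViewModifier {
    @State private var isCovered = false
    @State private var showScreenshotWarning = false

    func body(content: Content) -> some View {
        content
            .overlay {
                if isCovered {
                    // An opaque colour is the safest cover; a thick material
                    // is used here to keep the app's look in the switcher.
                    Rectangle()
                        .fill(.thickMaterial)
                        .ignoresSafeArea()
                }
            }
            .onReceive(NotificationCenter.default.publisher(
                for: UIApplication.willResignActiveNotification)) { _ in
                isCovered = true   // before the system takes the switcher snapshot
            }
            .onReceive(NotificationCenter.default.publisher(
                for: UIApplication.didBecomeActiveNotification)) { _ in
                isCovered = false
            }
            .onReceive(NotificationCenter.default.publisher(
                for: UIApplication.userDidTakeScreenshotNotification)) { _ in
                showScreenshotWarning = true
            }
            .alert("Screenshot taken", isPresented: $showScreenshotWarning) {
                Button("OK", role: .cancel) {}
            } message: {
                Text("This screen contains health data. Please do not share screenshots.")
            }
    }
}

extension View {
    /// Apply once to the root view so every screen is covered.
    func protectsSensitiveContent() -> some View {
        modifier(SensitiveContentProtection())
    }
}

// Usage inside the App's WindowGroup:
// ContentView().protectsSensitiveContent()
```

`willResignActiveNotification` is also posted for incoming calls and system alerts, so the cover appears briefly in those cases too; that is the correct side of the trade-off for a medical app.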
5. Session and Token Management
5.1 Token Management
AppToken + UserToken Dual Authentication (RS256 Asymmetric Signing):
| Token Type | Validity Period | Storage Location | Refresh |
|---|---|---|---|
| AppToken (Access) | 30 minutes | Keychain (iOS) | Auto-refresh on 401 |
| AppToken (Refresh) | 14 days | Keychain (iOS) | On access token expiration |
Token Refresh Mechanism (Actual Implementation - +UrlSession+Run.swift):
- Attempt auto-refresh on 401 response
- Exponential Backoff (max 5 retries)
- Logout on refresh failure
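The refresh mechanism listed above, written out as an added example that is not the project's `+UrlSession+Run.swift`: refresh on 401 with exponential backoff (five attempts), a single in-flight refresh shared by all requests that failed at the same time, and logout once the refresh finally fails. The refresh endpoint, the JSON shape and the logout hook are assumptions.

```swift
import Foundation

/// Added example, not the project's code. Token shape, refresh endpoint and
/// logout hook are assumptions.
struct TokenPair: Codable {
    var access: String
    var refresh: String
}

enum AuthError: Error { case refreshFailed }

actor TokenRefresher {
    private let refreshURL: URL
    private let session: URLSession
    private let maxAttempts = 5
    private var inFlight: Task<TokenPair, Error>?

    init(refreshURL: URL, session: URLSession = .shared) {
        self.refreshURL = refreshURL
        self.session = session
    }

    /// Several requests failing with 401 at once share one refresh instead of
    /// each spending the (often single-use) refresh token.
    func refresh(using current: TokenPair) async throws -> TokenPair {
        if let running = inFlight { return try await running.value }
        let task = Task { try await self.refreshWithBackoff(current.refresh) }
        inFlight = task
        defer { inFlight = nil }
        return try await task.value
    }

    private func refreshWithBackoff(_ refreshToken: String) async throws -> TokenPair {
        for attempt in 1...maxAttempts {
            do {
                return try await requestRefresh(refreshToken)
            } catch let error as URLError where error.code == .userAuthenticationRequired {
                throw AuthError.refreshFailed   // refresh token rejected: retrying cannot help
            } catch {
                guard attempt < maxAttempts else { break }
                // 1s, 2s, 4s, 8s plus jitter so clients do not retry in lockstep
                let seconds = pow(2.0, Double(attempt - 1)) + Double.random(in: 0...0.5)
                try await Task.sleep(nanoseconds: UInt64(seconds * 1_000_000_000))
            }
        }
        throw AuthError.refreshFailed
    }

    private func requestRefresh(_ refreshToken: String) async throws -> TokenPair {
        var request = URLRequest(url: refreshURL)
        request.httpMethod = "POST"
        request.setValue("application/json", forHTTPHeaderField: "Content-Type")
        request.httpBody = try JSONEncoder().encode(["refreshToken": refreshToken])
        let (data, response) = try await session.data(for: request)
        guard let status = (response as? HTTPURLResponse)?.statusCode else {
            throw URLError(.badServerResponse)
        }
        switch status {
        case 200: return try JSONDecoder().decode(TokenPair.self, from: data)
        case 401, 403: throw URLError(.userAuthenticationRequired)
        default: throw URLError(.badServerResponse)   // transient: retried with backoff
        }
    }
}

/// Sends an authenticated request; on 401 refreshes once, retries, and logs
/// out if the refresh fails.
final class AuthenticatedClient {
    private var tokens: TokenPair
    private let refresher: TokenRefresher
    private let session: URLSession
    private let logout: () async -> Void

    init(tokens: TokenPair, refresher: TokenRefresher,
         session: URLSession = .shared, logout: @escaping () async -> Void) {
        self.tokens = tokens; self.refresher = refresher
        self.session = session; self.logout = logout
    }

    func send(_ original: URLRequest) async throws -> (Data, HTTPURLResponse) {
        var request = original
        request.setValue("Bearer \(tokens.access)", forHTTPHeaderField: "Authorization")
        var (data, response) = try await session.data(for: request)
        guard let http = response as? HTTPURLResponse else { throw URLError(.badServerResponse) }
        guard http.statusCode == 401 else { return (data, http) }
        do {
            tokens = try await refresher.refresh(using: tokens)
        } catch {
            await logout()   // Section 5.1: refresh failure ends the session
            throw AuthError.refreshFailed
        }
        request.setValue("Bearer \(tokens.access)", forHTTPHeaderField: "Authorization")
        (data, response) = try await session.data(for: request)
        guard let retried = response as? HTTPURLResponse else { throw URLError(.badServerResponse) }
        return (data, retried)
    }
}
```

The single-flight guard matters more than the backoff: without it, a screen that issues several requests at once turns one expired access token into several refresh calls, and if the server rotates the refresh token on each use, all but the first are rejected and the user is logged out although nothing was wrong.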
Items Deleted on Logout (LiveAuthRepository+Logout.swift):
- Complete CoreData initialization
- Keychain token deletion
- Authentication status initialization
- PIN code deletion
- Context initialization
5.2 Auto-Logout Policy
| Condition | iOS Action | Server Action | User Notification |
|---|---|---|---|
| Refresh Token expiration (14 days) | Auto-logout | Token expiration handling | Session expiration notification |
| Token refresh 5 consecutive failures | Auto-logout | - | Re-login request |
| App inactivity (4 hours) | PIN password input required | - | Re-authentication request |
[TODO: O.Auth_8] Timer-based re-authentication on app background return needed (BSI O.Auth_8)
[TODO: O.Auth_9] Server-side inactivity detection and maximum active session time limit needed (BSI O.Auth_9)
5.3 defer Pattern-Based Exception Handling Policy
defer Block Execution Flow (Sensitive data released for both normal/exception paths):
Implementation Status:
| Protection Method | Implementation Status | Notes |
|---|---|---|
| nil assignment (memory release) | ✅ Implemented | nil assignment within defer block |
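The defer pattern from this section carried through on the PIN check, as an added example that is not the project's code. It shows the limitation of the "nil assignment" row: dropping the reference only releases ownership, so the bytes are zeroed before the reference is cleared, and the comparison is constant-time. The stored hash is assumed to come from the Keychain entry in Section 2.1.

```swift
import CryptoKit
import Foundation

/// Added example, not the project's code. Wipes and releases the PIN bytes on
/// every exit path. Zeroing through withUnsafeMutableBytes is best-effort:
/// it covers the buffer this Data owns, not copies Swift may have made.
enum PINVerifier {
    enum PINError: Error { case malformed }

    static func verify(enteredPIN: String, storedHash: Data) throws -> Bool {
        // The String argument itself is immutable and cannot be wiped, so the
        // PIN should live in Data and reach this function as early as possible.
        var pinBytes: Data? = Data(enteredPIN.utf8)
        defer {
            // Runs on normal return and on throw: wipe first, then release
            pinBytes?.withUnsafeMutableBytes { buffer in
                if let base = buffer.baseAddress, buffer.count > 0 {
                    _ = memset_s(base, buffer.count, 0, buffer.count)
                }
            }
            pinBytes = nil
        }
        // 4-6 ASCII digits, validated without binding a second copy of the Data
        guard let count = pinBytes?.count, (4...6).contains(count),
              pinBytes?.allSatisfy({ $0 >= 0x30 && $0 <= 0x39 }) == true else {
            throw PINError.malformed
        }
        // SHA-256 of a 4-6 digit PIN is enumerable offline; the Keychain
        // access control on storedHash is the real barrier (Section 2.1).
        guard let digest = pinBytes.map({ Data(SHA256.hash(data: $0)) }) else { return false }
        return constantTimeEquals(digest, storedHash)
    }

    /// Avoids the early-exit timing difference of Data ==
    private static func constantTimeEquals(_ a: Data, _ b: Data) -> Bool {
        guard a.count == b.count else { return false }
        var diff: UInt8 = 0
        for (x, y) in zip(a, b) { diff |= x ^ y }
        return diff == 0
    }
}
```

The same defer shape applies to the login credential read from the Keychain: wipe the `Data`, then drop it, inside `defer`, so an error thrown by the network layer cannot leave the password in memory.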
6. Debug/Release Security Control Separation
6.1 Build Configuration Differences
| Security Control | Release Build | Debug Build | Reason |
|---|---|---|---|
| Jailbreak Detection | ✅ Enabled (exit(0) immediate termination) | ❌ Disabled | Jailbroken devices used in dev environment |
| Symbol Stripping | ✅ STRIP_STYLE=non-global, dSYM separation | ❌ Disabled | Debug convenience |
| Log Level | ERROR and above | DEBUG and above | Debugging during development |
| API Endpoint | Production | Staging | Test environment separation |
| RSA Public Key | prod-only key | dev/stage-specific key | Environment-specific keys (Project.swift) |
| Firebase Crashlytics | ✅ Enabled | ✅ Enabled | Crash reporting |
Debug Build Distribution Restrictions:
- Cannot be deployed to App Store
- Internal testing only
- TestFlight only (Android not implemented)
Debug Build Identification (AppDelegate.swift):
- Separated with `#if DEBUG` conditional compilation
- App category: `.appCategoryMedical` (Project.swift:53)
7. Mobile Authentication Flow
8. Root/Jailbreak Detection (Release Build Only)
8.1 iOS Jailbreak Detection (Actual Implementation - JailBreakDetector.swift)
3 Detection Methods:
| Detection Method | Function Name | Check Content |
|---|---|---|
| 1. Suspicious File Detection | checkSuspiciousFiles() | Check 26+ suspicious paths for Cydia, Sileo, Zebra, etc. |
| 2. Sandbox Violation | checkSandboxViolation() | Attempt file write to /private directory |
| 3. DYLD Check | checkDYLD() | Detect dynamic library injection |
On Detection Action:
- `exit(0)` immediate termination
- Runs only in RELEASE build (`#if !DEBUG` conditional compilation)
Behavior by Build:
| Build | Jailbreak Detection | Detection Action |
|---|---|---|
| RELEASE | ✅ Enabled | exit(0) immediate termination |
| DEBUG | ❌ Disabled | No action |
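The three check families from the table, as an added reconstruction that is not the project's `JailBreakDetector.swift`; the path list and the injected-library markers are shortened assumptions (the project checks 26+ paths), and the probe file name is arbitrary.

```swift
import Foundation
import MachO

/// Added example, not the project's JailBreakDetector.swift. Path and marker
/// lists are shortened assumptions.
enum JailbreakCheck {
    static let suspiciousPaths = [
        "/Applications/Cydia.app",
        "/Applications/Sileo.app",
        "/Applications/Zebra.app",
        "/Library/MobileSubstrate/MobileSubstrate.dylib",
        "/usr/sbin/sshd",
        "/bin/bash",
        "/etc/apt",
        "/private/var/lib/apt/",
    ]

    /// 1. Known jailbreak artifacts on disk
    static func checkSuspiciousFiles() -> Bool {
        suspiciousPaths.contains { FileManager.default.fileExists(atPath: $0) }
    }

    /// 2. Sandbox violation: an intact sandbox refuses writes outside the container
    static func checkSandboxViolation() -> Bool {
        let path = "/private/jb_probe_\(UUID().uuidString)"
        do {
            try "x".write(toFile: path, atomically: true, encoding: .utf8)
            try? FileManager.default.removeItem(atPath: path)
            return true
        } catch {
            return false
        }
    }

    /// 3. Injected dynamic libraries in the process image list
    static func checkDYLD() -> Bool {
        let markers = ["MobileSubstrate", "substrate", "substitute", "libhooker",
                       "FridaGadget", "frida", "cycript", "SSLKillSwitch"]
        for i in 0..<_dyld_image_count() {
            guard let cName = _dyld_get_image_name(i) else { continue }
            let name = String(cString: cName)
            if markers.contains(where: { name.localizedCaseInsensitiveContains($0) }) {
                return true
            }
        }
        return false
    }

    static var isJailbroken: Bool {
        #if targetEnvironment(simulator)
        return false   // the simulator fails the sandbox check by design
        #else
        return checkSuspiciousFiles() || checkSandboxViolation() || checkDYLD()
        #endif
    }
}

/// Release-only enforcement, matching the policy in Section 6.1
func enforceDeviceIntegrity() {
    #if !DEBUG
    if JailbreakCheck.isJailbroken {
        exit(0)
    }
    #endif
}
```

All three checks run in the process being inspected, so a tweak that hooks `fileExists(atPath:)` or hides injected images defeats them; they raise the cost of tampering rather than prevent it. Repeating the check at sensitive moments (PIN entry, token refresh) rather than only at launch, and never letting the server rely on the client's verdict, are the two practical consequences.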
8.2 Android Root Detection
[TODO: Android implementation planned]
Root detection implementation needed during Android app development
- Expected library: RootBeer or custom implementation
- Check items: `su` binary, Magisk, `/system` write access
- On detection: Immediate termination same as iOS
9. Network Request Security
9.1 HTTPS Enforcement (App Transport Security)
iOS ATS Configuration:
Uses the iOS default ATS policy: with no `NSAppTransportSecurity` dictionary in Info.plist, plain HTTP loads through URLSession and WKWebView are rejected and TLS 1.2 or later with forward-secret cipher suites is required. The built app's Info.plist should be checked for the absence of `NSAllowsArbitraryLoads`, `NSAllowsArbitraryLoadsInWebContent` and `NSExceptionDomains`, since any of them silently weakens this default.
iOS URLSession Configuration (Actual Implementation - `Ext+URLSessionConfiguration.swift`):

```swift
// Cache policy: always request fresh from the server; cached responses are never used to satisfy a load
configuration.requestCachePolicy = .reloadIgnoringLocalCacheData
// Timeout settings
configuration.timeoutIntervalForRequest = 30   // Request timeout: 30 seconds
configuration.timeoutIntervalForResource = 60  // Resource timeout: 60 seconds
```

`reloadIgnoringLocalCacheData` only controls reads: URLSession may still write cacheable responses into the shared `URLCache` on disk. If the "no API response cache" line in Section 3.1 is meant to hold on disk as well, the configuration also needs `urlCache` set to nil (or an ephemeral configuration), which the excerpt above does not show.
Android Network Security Config:
[TODO: Android implementation planned] During Android implementation, `cleartextTrafficPermitted="false"` must be set in `network_security_config.xml`. Apps targeting API 28 or later already default to this; the explicit entry makes the policy independent of the targetSdk default and visible in review.
9.2 API Request Headers
Required Headers:

```http
Authorization: Bearer {appToken}
Content-Type: application/json
Accept: application/json
```
10. Input Validation Policy
10.1 iOS Client Input Validation
Validator.swift-based Validation Items:
| Input Type | Validation Rules | Implementation File |
|---|---|---|
| Email | RFC 5322 format validation | Validator.swift |
| Password | Minimum length, complexity rules | Validator.swift |
| PIN Code | 4-6 digit numeric | Validator.swift |
| Sleep Duration | Range validation (0-24 hours) | Validator.swift |
| Deeplink Parameters | URL parameter validation | TBD |
| Server Response Type | Decodable-based type validation | Each API Response model |
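The client-side rules from the table, as an added example that is not the project's `Validator.swift`. The password complexity rule, the deep-link scheme, hosts and parameter names are assumptions; the deep-link row is marked TBD in the table, so that part shows one allow-list design rather than the project's.

```swift
import Foundation

/// Added example, not the project's Validator.swift. Complexity rule,
/// deep-link scheme, hosts and parameter names are assumptions.
enum Validator {
    // Practical e-mail check: the full RFC 5322 grammar (comments, quoted local
    // parts) is far looser than an app should accept, so this is the usual subset.
    private static let emailRegex = try! NSRegularExpression(
        pattern: #"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}$"#)

    static func isValidEmail(_ s: String) -> Bool {
        guard s.count <= 254 else { return false }
        return emailRegex.firstMatch(in: s, range: NSRange(s.startIndex..., in: s)) != nil
    }

    /// Minimum length plus three of four character classes (assumed rule)
    static func isValidPassword(_ s: String) -> Bool {
        guard s.count >= 8 else { return false }
        let classes: [CharacterSet] = [.lowercaseLetters, .uppercaseLetters, .decimalDigits,
                                       CharacterSet.punctuationCharacters.union(.symbols)]
        let present = classes.filter { set in s.unicodeScalars.contains { set.contains($0) } }.count
        return present >= 3
    }

    /// 4-6 ASCII digits; Character.isNumber alone would also accept other scripts
    static func isValidPIN(_ s: String) -> Bool {
        (4...6).contains(s.count) && s.allSatisfy { $0.isASCII && $0.isNumber }
    }

    /// Rejects NaN and infinity as well as out-of-range values
    static func isValidSleepDuration(hours: Double) -> Bool {
        hours.isFinite && (0...24).contains(hours)
    }

    /// Deep link: allow-listed scheme and host, known parameter names only,
    /// values restricted to a safe alphabet. Returns nil on any deviation.
    static func validatedDeepLink(_ url: URL) -> [String: String]? {
        guard let parts = URLComponents(url: url, resolvingAgainstBaseURL: false),
              parts.scheme == "sleepapp",
              let host = parts.host, ["log", "questionnaire"].contains(host) else { return nil }
        let allowedKeys: Set<String> = ["id", "date"]
        var params: [String: String] = [:]
        for item in parts.queryItems ?? [] {
            guard allowedKeys.contains(item.name), let value = item.value,
                  value.count <= 64,
                  value.allSatisfy({ $0.isASCII && ($0.isLetter || $0.isNumber || $0 == "-") })
            else { return nil }
            params[item.name] = value
        }
        return params
    }
}
```

Rejecting the whole link on one unknown or malformed parameter, rather than dropping that parameter, is deliberate: a link that partially validates is the typical entry point for navigation into a screen the sender should not reach.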
11. Notification Security Policy
11.1 Local Notification Content Status
Implementation file: LocalPushNotificationType.swift
| Notification Type | Title | Sensitive Data Included |
|---|---|---|
| targetLOT (1 hour before bedtime) | "Noch 1 Stunde bis zur Schlafenszeit" (1 hour until bedtime) | ✅ None |
| targetAET (wake time) | "Es ist Zeit aufzustehen!" (It is time to get up!) | ✅ None |
11.3 Notification Permission Defaults and Flow (O.Plat_5)
Implementation file: LiveNotificationManager+State.swift
Notification Permission Default Analysis (O.Plat_5):
| Item | Status | Notes |
|---|---|---|
| Initial permission state | notDetermined (unset) | O.Plat_5 compliant: default inactive ✅ |
| Provisional notifications (silent pre-notifications) | Not used | Only explicit user selection |
| Permission request timing | Within explicit user flow | No automatic request on app start |
| FCM token transmission | Only after permission granted | FCM token not sent if not granted |
11.4 Remote Notification Security Status and Gaps
Implementation files: AppDelegate.swift, backend firebase-push.service.ts
| Item | Notes |
|---|---|
| FCM token management (device token only) | No sensitive data included |
Evidence and References (Artifacts)
- Keychain Implementation Code - `WLCore/Sources/KeyChain/KeyChainWrapper.swift`
- Jailbreak Detection Code - `WLCore/Sources/JailBreak/JailBreakDetector.swift`
- Cryptography Utilities - `WLCore/Sources/Crypto/CryptoHelper.swift` (SHA256, RSA-2048)
- Network Configuration - `Ext+URLSessionConfiguration.swift` (cache, timeout)
- Token Management - `LiveSleepQDENetworkManager+AppToken+KeyChain.swift`
- Logout Handling - `LiveAuthRepository+Logout.swift` (complete data deletion)
- Build Settings - `Ext+Project.swift` (Symbol Stripping), `Project.swift` (environment-specific RSA keys)
- Authentication Flow Diagram - Section 7 of this document
- Firebase Configuration - `GoogleService-Info-prod.plist` (Analytics disabled)
- MobSF Report - [TODO: Static analysis execution needed]
| Regulation | Requirement | Implementation | Status | Evidence |
|---|---|---|---|---|
| BSI TR-03161 Part 1 | Local encryption of sensitive data | Keychain (kSecAttrAccessibleAfterFirstUnlock) for credentials and tokens; Core Data store on default file protection | ⚠️ Partial (explicit Core Data file protection is an open TODO, Section 2.1) | KeyChainWrapper.swift |
| BSI TR-03161 Part 1 | Secure network communication | TLS (iOS default ATS) | ✅ Implemented | Ext+URLSessionConfiguration.swift |
| BSI TR-03161 Part 1 | Device integrity verification | Jailbreak Detection (3 methods, exit(0)) | ✅ Implemented (iOS) | JailBreakDetector.swift |
| GDPR Article 32 | Appropriate technical measures | Security controls in this document | ⚠️ Partial (open TODOs: Core Data file protection in 2.1, screen protection in 4, re-authentication in 5.2, MobSF analysis) | This document |
| OWASP MASVS | Enhanced mobile security | Jailbreak detection, token security | ⚠️ Partial | MobSF report [TODO: execution needed] |