App security

Fliplet has several security features to keep your app and account secure. This article details each feature to help you understand when and how to use them. 

Fliplet recommends adding security components to apps that require account creation prior to user access. Apps with personal data are also strongly advised to include security, given the implications of this information being accessed by the wrong users. We recommend regularly updating and reviewing the security features to ensure your account and apps are protected.

Get started

This article will cover:

1. App based security features
   1. User authentication
   2. Data source security
   3. Screen security
   4. 3rd party security including email, SMS, and push notifications
   5. Update your mobile app regularly
   6. Distribute your app via the app store or MD
2. Studio based security features
   1. Review user access
   2. Organization users and access
   3. Organization security
   4. Integrate Studio with SSO
   5. Monitor app usage with org dashboard
   6. Monitor app usage by analyzing logs
   7. Request access to launch an app 
   8. Retire/unpublish an app

App based security features

These features help to secure the app and ensure access and data is restricted.

1. User authentication
   Fliplet offers a range of user authentication features including login, SSO, email verification, and SMS verification. You can even use Fliplet’s authentication system to verify your users. Users can be pre-configured or users can create their own account.

2. Data source security
   Data source security is available for all accounts and can be used to protect and control access to a data source. To learn more about this security feature see here.
   Fliplet recommends any apps that include data sources with sensitive information, such as a list of users, should ensure the data source settings are set to exclude this data when downloading the app.
   This ensures that the data source will not be included when downloading your app and instead, data will be loaded from the server separately and will require an internet connection. To edit the settings, select your data source, choose the settings tab and make sure “Do you want to exclude this data when downloading the app?” Is ticked.
   Any historic apps should have data sources removed and an update sent to the app stores.

3. Screen Security
   Screen security is available for all apps and will help ensure that only authorized users can access your app’s screens. There are several different rules and conditions that can be set when using screen security. For more information see here.

4. 3rd party security including email, SMS, and push notifications
   Fliplet’s API only supports encrypted communication from Fliplet apps. Data is then sent to our 3rd parties over an encrypted connection. Our providers typically use encrypted connections were supported to deliver their messages to 3rd party services, such as email servers or mobile networks. Devices will then use their default security features to receive the content, typically over encrypted connections.
   For example, a Fliplet app requests an email be sent via an encrypted connection. Fliplet’s servers connect to our email provider via an encrypted connection. The email is delivered to the destination email service via an encrypted connection. This level of encryption is common across Fliplet’s data sub-processors for 3rd party services and delivery.
   If a recipient’s device or server doesn’t support encryption some solutions will deliver content without encryption but this is progressively becoming less common and devices and servers are upgraded. You can verify if your servers and devices support encrypted connections by checking their documentation or running online scans. For example, this product can test your email service for encryption support https://ssl-tools.net/mailservers
5. Update your mobile app regularly
   Fliplet regularly updates our core iOS and Android app code as well as updating how we build mobile apps in line with best practices from Apple and Google. In order for your app to gain these additional security and feature benefits, we recommend you update your app and distribute it to your users every 6 months. If you use the app stores they will manage the distribution of your app to your users. If you distribute the app another way you should ensure your users are upgrading their app.

6. Distribute your app via the app store or MDM
   The safest way to distribute your app and manage your app updates is to distribute it via the app stores as iOS and Android will automatically update the app. If you distribute the app without using the app store ensure your MDM software will upgrade apps for you. Avoid distributing apps without an app store or MDM to manage them.
   

Studio based security features

1. Review user access
   By using the manage users option, you can determine who has access to your app in Fliplet Studio. There are three access options for users.
   1. Can edit and publish updates
   2. Can edit
   3. Preview only
      See more on managing users here.

2. Organization users and access
   As an organization admin, you are able to review organization users and their access rights. This will help you ensure users have only the access they need. There are two user types available.
   1. Standard – User can only manage their own account and the apps they have access to
   2. Admin – User can manage all user accounts and apps in the organization.
      To understand more about the manage organization admin features see here.

3. Organization security
   Each organization can configure security settings to prevent unauthorized access. The options available include:
   1. Password policy – Allowing the admin to configure a set of rules that define the type of password a user can set.
   2. Account lockout – Set the number of maximum invalid login attempts before the user is locked out
   3. Enforce two-factor authentication – This option allows the admin to enable and enforce users to configure two-factor authentication when they next sign in to Fliplet Studio.
   4. SAML2 Single Sign-On – Configure Single Sign-On with SAML2 to provision and manage access to Fliplet via your security providers. Gold+ Customers only.
      For more on organization security, see the security features section here.

4. Integrate Studio with SSO
   Using SSO will ensure users have a valid corporate account to use Studio – This is available on Gold+ plans.
   For more information see here.

5. Monitor app usage with org dashboard
   Using this feature enables admins to get an overview of the actions that are being taken by their employees within their Fliplet account. The dashboard shows information such as how many users have logged in to Studio, what apps were created or edited, the number of unique app users, and more. To learn more about the organization dashboard see here.

6. Monitor app usage by analyzing logs 
   This feature is available on Gold+ plans and allows you to access your app’s logs. Logs are a detailed list of events that occur in the app. Logs are available via the API and soon via DIS for on-premise storage, monitoring, or alerts using a customer’s preferred software.’
   Logs include the following types of events:
   Authentication, User activity, User management, and App management.
   To see the full list and learn more click here.

7. Request access to launch an app
   This feature is available on Gold+ Plans and allows you to control how users can launch apps in your organization by enforcing an approval process. Choose between “Everyone can launch apps” and “User must request approval from organization admin before launching an app.” For more information on app launch permissions, see here.

8. How to retire/unpublish an app
   Fliplet recommends retiring or unpublishing your app if it is no longer in use, to stop access to your app.
   There are several steps to take to ensure your app is unpublished and retired. To learn more see here.