Android device security

There are special considerations to be aware of when securing an Android device.

Authentication

IBM Traveler relies on the Domino® infrastructure (HTTP and Admin Client) to authenticate the user. The authentication credentials can be one of the user's allowed Domino® name formats, along with the user's HTTP password, or it can be something defined with the Directory Assistance database. All devices use HTTP Basic Authentication, so HTTPS is recommended for security reasons unless using a VPN or a secured network.

Account information and passwords

All credentials are encrypted using AES 256-bit encryption and stored in application preferences storage. If Disable local password storage is checked, the password is not stored and the user is prompted for the password when needed.

The Notes ID password used for reading Domino encrypted mail, when entered, is encrypted and persistently stored. If the password is changed, the stored password is rejected on the next use and the user is prompted to enter the new password.

Data storage

The mail body and all attachments are encrypted using AES 256-bit encryption. This is true if stored on either internal or external storage.

The rest of the data is stored unencrypted in internal storage. This is only available to the IBM Traveler application based on the Android application security model.

Contacts data is stored using the Android OS Contacts Contract and is accessible to the contacts application through those APIs.