iOS Security
The CMDOP iOS app secures credentials and sessions with multiple layers: biometric authentication (Face ID, Touch ID, Optic ID), iOS Keychain encrypted storage with Secure Enclave protection, TLS 1.3 for all connections, certificate pinning, and automatic session management. Sensitive paths like .ssh and .env are blocked by default.
The CMDOP iOS app implements multiple security layers to protect your credentials and sessions.
How does biometric authentication work?
Which biometric types are supported?
The app supports biometric authentication:
| Biometric Type | Devices |
|---|---|
| Face ID | iPhone X and later, iPad Pro |
| Touch ID | Older iPhones, iPad Air, iPad Mini |
| Optic ID | Apple Vision Pro |
How does the app lock work?
When enabled, the app requires biometric authentication:
- When opened from background
- When launching the app
- Before accessing terminal sessions
- Before viewing sensitive settings
To enable:
- Go to Settings > Security
- Enable Require Face ID
- Optionally set auto-lock timeout
What happens if biometric authentication fails?
If biometric fails 3 times, you can use your device passcode.
How are credentials stored?
How does iOS Keychain storage work?
All sensitive data is stored in iOS Keychain:
| Data | Storage |
|---|---|
| Auth tokens | Keychain (encrypted) |
| Push tokens | Keychain (encrypted) |
| Server configs | Keychain (encrypted) |
| API keys | Keychain (encrypted) |
Keychain configuration:
- Service:
com.cmdop.mobile - Access:
kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
This means:
- Data is encrypted until first device unlock
- Data cannot be transferred to another device
- Data is protected by Secure Enclave
What data is NOT stored locally?
The app never stores:
- Plaintext passwords
- SSH private keys
- Session recordings locally
How is network traffic secured?
What TLS version is used?
All connections use TLS 1.3:
- gRPC connections to control plane
- REST API calls
- Push notification verification
Does the app use certificate pinning?
The app validates server certificates against known roots.
Is any data sent in plaintext?
The app never sends:
- Credentials over HTTP
- Tokens in URL parameters
- Sensitive data in logs
How are sessions secured?
What happens when the app goes to the background?
When the app enters background:
- State changes to suspended
- Server notified
- Heartbeat sent
- Background tasks scheduled
Sessions persist on the server but the local connection is gracefully closed.
What happens when the auth token expires?
If authentication fails:
- Reconnection stops immediately
- Stored token is cleared
- User prompted to re-login
How are push notifications secured?
How does push token registration work?
Push tokens are registered with:
- Device ID (anonymized)
- APNs environment (development/production)
- App version
What are silent pushes used for?
Silent pushes are used for:
- Wake operations
- Pending command checks
- Session updates
No sensitive data is sent in push payloads.
Which file paths are blocked?
For security, these paths are blocked:
# Sensitive paths blocked by default — returns ACCESS_DENIED
.ssh
.gnupg
.aws
.env
credentials
secrets
Keychain
PreferencesAccessing these paths returns ACCESS_DENIED.
What are security best practices?
How do I enable biometric lock?
Always enable Face ID / Touch ID:
- Settings > Security
- Toggle Require Face ID
- Set timeout to Immediately
Should I use a separate workspace for mobile?
For mobile access, consider a workspace with limited permissions.
How do I review session history?
Regularly check active sessions:
- Open Sessions tab
- Review connected clients
- Disconnect unknown sessions
Why should I keep the app updated?
Update the app regularly for security patches.
How do I report security vulnerabilities?
Report security issues to: [email protected]
Include:
- App version
- iOS version
- Steps to reproduce
- Impact assessment