Mobile App

60166016 60166016

Setup

To use the mobile app on your Starmind Network, please contact your Starmind Customer Support Manager. Starmind will then activate the support of the mobile app for your network.

If you use your company's Single-Sign-On (SSO) for accessing the Starmind network, you need to ensure that the SSO login page is accessible from a mobile device (in the default browser).

Please note, that the Starmind mobile app is sending data for push notifications through OneSignal.

Features

  • Multi-network login
  • Push notifications
  • Same Starmind feature set as in the browser web app
  • Configurable duration of the session (one setting for all mobile users of a Starmind network; configured by Starmind on request)

Downloads

FAQ

Which versions are supported?
Android: 5.1 (minimum version) - 10.0 (latest)
iOS: 11.0 (minimum version) - 13.6 (latest)

How does the app authenticate users?

As in most networks, users are authenticated via Single Sign-On, the app will open a Safari WebView (iOS) or a Chrome custom tab (Android) which overlays the app. This ensures that the user can verify being on the correct site when entering the credentials (auth.starmind.com or custom SSO page of the network) and it is served over HTTPS. The SSO session is handled entirely by the mobile device's default browser (Safari or Chrome).

A token is passed back to the mobile app if the user is authenticated successfully and stored on the device. This token is used by the mobile app to refresh the access token in the future and outlives the SSO session with the goal that the user is automatically re-authenticated and doesn't need to provide credentials again during the session period that is configured (one setting for all mobile users of a Starmind network; configured by Starmind on request). The token is stored in the Keychain on iOS. For Android there is no equivalent of the Keychain, so it is stored in the Shared Preferences (only accessible by the Starmind mobile app, despite the name) and encrypted by a combination of a random 256-bit AES key and a device-specific RSA key from the Android KeyStore.

Who can install the app?

The app can be installed by any user as it is publicly available in the iOS App Store and the Google Play Store. Only users that are part of a Starmind network, which has the mobile app activated, can login and actually use the app.

What data is stored on the device?

  • List of previously logged in networks with their URL
  • The user's language preference
  • The token used to gain access tokens and stay logged in (encrypted, see above in authentication section); the token is valid for the configured duration of the session.

Which 3rd party services are used?

For push notifications to work on mobile devices, Starmind utilizes OneSignal. OneSignal in turn uses FCM (Firebase cloud messaging) respectively APNS (Apple push notification service) depending on the device's operating system. A push notification is transferred via these servers. A push notification may contain customer information such as names, question titles, answers, comments and user-generated descriptions.

Which data is being cached on the mobile device?

The mobile app is operating as an overlay over a browser UI. Which means that the same type of data is cached in the mobile app as it would be when a person is accessing Starmind via a browser. This includes cookies, network settings, language and similar data. The actual customer data (questions, answers, and alike) is not cached.

When is the data deleted from the device?

If the user logs out from a network on the mobile app, all data related to that network is removed from the device. This includes tokens and network meta information such as the URL.

How can users be blocked from accessing a network?

As with the web UI, as soon as a user is deactivated, it is not possible for the user to log into the network anymore. In the mobile app it will not be possible anymore to refresh the access token and the user can therefore not access any API resources anymore and is automatically logged out. There is never any content stored on the device which could still be accessed locally.