Mobile applications act as a separate UI in order to access the Azets Cozone. Mobile applications pull the data via REST APIs and display it for the user.
GDPR guidelines are implemented on web applications, there is no data stored on mobile devices.
Authentication is performed via Azets Cozone Identity provider. As a result, the mobile application obtains a token that is used for authentication to REST APIs, therefore regular flows (like TFA, external IDPs, etc.) of the web app are applied.
We apply security best practices like storing the access token on encrypted storage protected by fingerprint.