The Sherpany mobile app: how do we protect your confidential data on mobile devices?

We provide native mobile apps for iOS, Android, and Windows. These apps are specifically designed to support meeting participants throughout the entire meeting process, offering a seamless experience. Unlike the web application, the mobile apps support offline access, allowing users to view documents and prepare for meetings without an internet connection.

All apps are available exclusively through official app stores. You can find the system requirements for each mobile platform here.

Download only via official app stores

Sherpany mobile apps are available exclusively through official app stores. Each app is digitally signed with a secure app key, ensuring it cannot be updated or replaced with a non-official version.

Secure authentication

• Mobile App Access: 6 digit passcode (or Face-ID, fingerprint) to access the app. Additionally, there is complete authentication necessary:
  • Email, password & 2FA or
  • Single Sign-on: with SSO, you can enable your own policies (password policy, access restriction (IP, location…)).
• Login Protection
  • Failed login attempts: after 3 incorrect passcode entries, all data is automatically wiped from the device.
  • Session timeout: also see here.
    • Full Authentication: required every 4 weeks (or 12 hours for SSO users).
    • Second Factor (2FA): required every 6 hours.
    • Passcode Re-entry: required after app lock, app closure, or 15 minutes of inactivity.

Secure storage of the data in the mobile app

• All Sherpany mobile apps operate in a sandboxed environment.
• Documents and content are encrypted using AES 256-bit encryption.
• Offline access is supported. Documents are stored locally within the app's secure environment and cannot be accessed from outside the app or saved to external storage (e.g., SD cards).
• Native mobile security frameworks provided by Apple, Google, and Microsoft are used to encrypt stored documents, offering the highest available security.

Regular security checks

The mobile apps undergo regular internal and store-based security reviews and audits.

Device security controls

• Remote wipe: users can revoke access and trigger a remote wipe from within the app settings. The device must be online for the action to complete.
• Jailbreak detection: Jailbreak detection is built-in for both iOS and Android via Runtime Application Self-Protection (RASP). If a device is detected as jailbroken or rooted, all customer data and documents are automatically deleted. (Not applicable for Windows, but we block running the application in any way that can compromise user data, debugging mode, emulation or the running app in a sandbox). 

No download from mobile app

By default, Users can not download data/documents from the Sherpany mobile app to their device. To download a document, users must access the Sherpany web app and have appropriate permissions. Documents can be classified by security level to disable downloading or printing as needed. (see Manage document details > Document’s security).

Additionally, IP filtering is available through the feature Conditional Access. This prevents users from accessing Sherpany on unauthorized or personal devices.

Optional security features

• Watermarks: persistent watermarks can be enabled on all documents, not just printed versions. If a document is leaked, the source can be traced. Note: Screenshot prevention is not implemented, as users could still capture images using another device. Such measures do not provide real additional security.
• Prevent Copy & Paste: copy/paste functionality can be disabled to prevent content from being extracted from within the app.