HCL Verse for Android device security

There are special considerations to be aware of when securing an HCL Verse for Android device.

Authentication

HCL Traveler relies on the Domino® infrastructure (HTTP and Admin Client) to authenticate the user. The authentication credentials can be one of the user's allowed Domino® name formats, along with the user's HTTP password, or it can be something defined with the Directory Assistance database. All devices use HTTP Basic Authentication, so HTTPS is recommended for security reasons unless using a VPN or a secured network.

Account information and passwords

All credentials are encrypted using AES 256-bit encryption and stored in application preferences storage. If Disable local password storage is checked, the password is not stored and the user is prompted for the password when needed.

The Notes ID password used for reading Domino encrypted mail, when entered, is encrypted and persistently stored. If the password is changed, the stored password is rejected on the next use and the user is prompted to enter the new password.

Data storage

All content synchronized from the HCL Traveler server and content created via the HCL Verse for Android application is encrypted and securely stored using AES 256-bit encryption.

If the Administrator allows HCL Verse Contacts to be exported, the exported Contact data is stored using the Android OS Contacts Contract and is accessible to the contacts application through those APIs.