Note
Visit the PainChek Trust Centre (https://security.painchek.com/) to view up-to-date information on PainChek Cybersecurity.
Cybersecurity features and capabilities:
- Encrypted Communication: All communications between the mobile app and the backend REST API are secured using TLS (HTTPS), ensuring encryption of data in transit, safeguarding against eavesdropping and man-in-the-middle attacks.
- Local Data Encryption: The mobile app uses encryption to protect cached data stored locally on the device, ensuring that sensitive data remains secure, even if the device is compromised.
- Backend Data Encryption: The backend infrastructure, specifically the RDS (Relational Database Service), employs encryption-at-rest mechanisms, ensuring that data stored in the cloud database is encrypted using secure encryption standards (e.g., AES-256), protecting data from unauthenticated access.
- Secure Network Architecture: The backend services are hosted within a private subnet, which prevents direct public internet access. Only authenticated traffic, routed through CloudFront (CDN), can access the backend services. This isolates sensitive resources and reduces exposure to potential attacks.
- Root Detection: The mobile app includes root/jailbreak detection mechanisms, which prevent rooted devices from running the application. This reduces the risk of malicious users tampering with the app or gaining elevated privileges to exploit vulnerabilities.
- User Authentication: All requests must be made by authenticated users. See below for further details on PainChek’s authentication methods and setup.
Architecture Overview
PainChek® is a cloud-hosted solution comprising three primary software components:
- Mobile application – The pain assessment tool.
- Cloud Portal – A user and license administration portal for viewing and managing users and residents.
- Cloud API – The backend server responsible for storing your organisation’s data and ensuring devices are synchronised.
PainChek® is software only and does not contain any hardware components.