Security
Note This subsection describes security mechanisms specific to the Aurex mobile application.
The Aurex mobile app follows the same security model as the web platform while introducing additional protections tailored for mobile usage.
Authentication and session security
Access to the mobile app requires:
valid Aurex account credentials,
an active authenticated session,
device-level protection where available.
User sessions are securely managed and can be invalidated at any time.
Device-based protection
Important The mobile app relies on device-level security features provided by the operating system.
This may include:
biometric authentication (Face ID / fingerprint),
device passcode protection,
secure OS-level storage for session data.
Exact availability depends on the user’s device and system configuration.
Sensitive actions
Certain actions inside the mobile app may require additional verification, including:
one-time passwords (OTP),
re-authentication prompts,
temporary session confirmation.
This helps reduce the risk of unauthorized access if a device is compromised.
Data handling
No private keys are stored directly in the mobile app.
Sensitive data is transmitted over encrypted channels.
Account-critical logic remains server-side.
Note The mobile app does not introduce new custody or key management responsibilities.
Account control
Users retain full control over their account:
sessions can be revoked from other devices,
access can be restored through standard recovery procedures,
security changes apply across web and mobile simultaneously.
Security boundaries
Important API keys and developer credentials are never exposed to the mobile application.
The mobile app operates strictly as a user-facing interface.
Summary
Mobile app security is aligned with the web platform
Device-level protections enhance account safety
All critical security controls remain centralized
Last updated