Data security

The ForgeRock SDKs do not save or load any user data, such as username or password, or personal information in memory. The only stored keys and data are the Session and OAuth 2.0 tokens required for authentication, and security-related certificates hashes.

The ForgeRock SDKs for iOS and Android support SSL Pinning. The certificate information used is passed in the form of certificate key hashes in the SDKs configuration file. This means you do not have to bundle certificates with your iOS .ipa or Android .apk files.