Question 5 - OutSystems Architecture-Specialist-11 Real Exam Questions [Feb 2026 Update]

Q: 5

Which of the below is not a best practice for mobile security:authentication?

Options

Correct Answer:

Explanation

Storing a user's password in the device's local storage is a critical security vulnerability and is explicitly against best practices. Local storage is not an encrypted or secure container and can be accessed by other applications or malicious actors if the device is compromised. OutSystems recommends using secure, platform-specific storage mechanisms, such as the Keychain on iOS or Keystore on Android, for any sensitive information. This is typically achieved by using supported Forge components like the Key Store Plugin, which provides a secure API to store data. Authentication tokens, not raw passwords, should be stored for session management.

Why Incorrect

B. Encrypting sensitive data is a fundamental security best practice to protect data at rest, ensuring it remains confidential even if the device's storage is breached.

C. Using external identity providers (e.g., Google, Facebook) for online authentication and device-native methods (fingerprint, PIN) for offline access are recommended, secure, and user-friendly patterns.

References

1. OutSystems Official Documentation

"Mobile and Reactive App Security Best Practices":

Section: Protecting data: This section advises against storing sensitive information in local storage. It states

"For highly sensitive information

like access tokens

use a secure storage plugin available from the OutSystems Forge

like the Key Store Plugin... This will store the data in the device's Keychain/Keystore." This directly contradicts option A and supports the reasoning for its incorrectness.

Section: Authentication: This section recommends using external identity providers and also discusses patterns for offline authentication using a local PIN or biometrics

validating the practices mentioned in option C.

2. OutSystems Official Documentation

"Designing the architecture of your OutSystems applications" e-book:

Chapter: 5. Security

Section: Mobile App Security (Page 70): The guide emphasizes

"Never store sensitive data

such as passwords or personal information

in the device’s local storage. Use secure storage plugins that leverage native device capabilities like the keychain." This reinforces that option A is not a best practice. It also discusses the importance of data encryption

supporting option B.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE