eIAM and mobile apps

Usage obligation

Mobile apps that require login processes and are assigned to the central Federal Administration are also subject to the eIAM usage obligation.

Login persistence and device protection (biometrics, PIN)

Very long login persistence is permitted: for example, an app with device protection can be used for one year without the user having to log in again via eIAM. Persistence is permitted solely for apps with forced device protection.

Rendering of eIAM screens allowed only in real browsers

eIAM screens must not be rendered in app-embedded browsers, because the embedding app can read what is entered, and login methods such as AGOV usually do not work in them. The app must switch to a real browser on the mobile device. This is state of the art and is supported out of the box by Android and iOS, including fully automatic switching back and forth.
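The two rules above (persistence only with forced device protection, login only in a real browser) shown for Android in Kotlin. This is an added example, not the implementation example this page refers to and not eIAM's own code. The login URL, return scheme and key alias are placeholders, and the return scheme is assumed to be registered in an intent filter in the app manifest.

```kotlin
import android.app.Activity
import android.app.KeyguardManager
import android.content.Context
import android.content.Intent
import android.net.Uri
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import androidx.browser.customtabs.CustomTabsIntent
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey

// Placeholders (assumptions, not values from eIAM): replace with those issued for your app.
private const val LOGIN_URL = "https://login.example.invalid/start"
private const val RETURN_SCHEME = "ch.example.app"
private const val KEY_ALIAS = "session_persistence_key"

// Persistence may be offered only if a PIN, pattern, password or biometric lock is set.
fun mayPersistLogin(context: Context): Boolean =
    context.getSystemService(KeyguardManager::class.java).isDeviceSecure

// Key for encrypting the persisted session (API 30+). Every use needs a fresh biometric
// or device-credential check, generation fails without a secure lock screen, and Android
// invalidates the key if the secure lock screen is later disabled.
fun createPersistenceKey(): SecretKey {
    val spec = KeyGenParameterSpec.Builder(
        KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setUserAuthenticationParameters(
            0, KeyProperties.AUTH_BIOMETRIC_STRONG or KeyProperties.AUTH_DEVICE_CREDENTIAL)
        .build()
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
        .apply { init(spec) }
        .generateKey()
}

// Opens the login in the user's browser as a Custom Tab, never in an android.webkit.WebView.
fun startLogin(activity: Activity) {
    CustomTabsIntent.Builder().build().launchUrl(activity, Uri.parse(LOGIN_URL))
}

// Call from the activity's onNewIntent(): true when the browser has switched back
// to the app through the registered return scheme.
fun isLoginReturn(intent: Intent): Boolean =
    intent.action == Intent.ACTION_VIEW && intent.data?.scheme == RETURN_SCHEME
```

On iOS the corresponding system facility for the browser switch is `ASWebAuthenticationSession`.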

Implementation example and further information

Further information and an implementation example can be found at