[{"data":1,"prerenderedAt":353},["ShallowReactive",2],{"docs-page:en:\u002Fdocs\u002Fabout\u002Fsecurity-trust":3,"docs-navigation:en":253},{"id":4,"title":5,"body":6,"description":245,"extension":246,"meta":247,"navigation":248,"path":249,"seo":250,"stem":251,"__hash__":252},"docs_en\u002Fen\u002Fdocs\u002Fabout\u002Fsecurity-trust.md","Security and trust",{"type":7,"value":8,"toc":233},"minimark",[9,13,16,21,24,58,61,65,68,86,89,93,99,102,149,152,156,159,176,179,183,186,201,204,208,211,214,221,225,230],[10,11,12],"p",{},"Otalan is built for teams that need OTA speed without giving up release control. The safety model is simple: only compatible bundles can be served, bundles are validated before activation, credentials are scoped by job, and operators can pause or roll back a release without shipping a new native binary.",[10,14,15],{},"This page is a public summary of the v1 security posture. It is not a security certification.",[17,18,20],"h2",{"id":19},"release-safety-model","Release safety model",[10,22,23],{},"Otalan is designed to reduce the blast radius of a bad OTA release:",[25,26,27,46,49,52,55],"ul",{},[28,29,30,31,35,36,35,39,42,43],"li",{},"each release targets one exact ",[32,33,34],"code",{},"appId",", ",[32,37,38],{},"platform",[32,40,41],{},"channel",", and ",[32,44,45],{},"runtimeVersion",[28,47,48],{},"only one bundle can be active for that exact target at a time",[28,50,51],{},"failed validation keeps the previous active bundle in place",[28,53,54],{},"staged rollout can limit exposure before a full release",[28,56,57],{},"pause and rollback are available from the same release history",[10,59,60],{},"That model does not replace app testing. It gives the release team a controlled path for compatible web asset updates.",[17,62,64],{"id":63},"credentials-are-split-by-job","Credentials are split by job",[10,66,67],{},"Otalan separates credentials so one key is not responsible for everything:",[25,69,70,73,80,83],{},[28,71,72],{},"OTA App Keys are used by installed apps for runtime update checks and confirmation.",[28,74,75,76,79],{},"OTA Publish Keys are used by ",[32,77,78],{},"@otalan\u002Fcli"," and release automation.",[28,81,82],{},"Publish keys should never be shipped in frontend or mobile app code.",[28,84,85],{},"Sensitive credentials are not shown back to users after creation.",[10,87,88],{},"Keep publish credentials in trusted release tooling, CI secrets, or the dashboard. Keep app credentials limited to the installed app runtime.",[17,90,92],{"id":91},"bundle-validation","Bundle validation",[10,94,95,96,98],{},"The dashboard and ",[32,97,78],{}," handle upload details automatically. Uploaded bundles are validated before activation.",[10,100,101],{},"The validation layer rejects or bounds:",[25,103,104,107,110,113,116,119,122,125,128,131,134,137,140,143,146],{},[28,105,106],{},"path traversal and absolute paths",[28,108,109],{},"Windows drive-letter paths",[28,111,112],{},"symlink entries",[28,114,115],{},"encrypted entries",[28,117,118],{},"unsupported compression methods",[28,120,121],{},"nested ZIP files",[28,123,124],{},"forbidden executable\u002Fsource-map style entries",[28,126,127],{},"duplicate archive paths",[28,129,130],{},"ZIP64 and multi-disk archives",[28,132,133],{},"excessive compressed size",[28,135,136],{},"excessive uncompressed size",[28,138,139],{},"excessive file count",[28,141,142],{},"excessive path length",[28,144,145],{},"excessive compression ratio",[28,147,148],{},"generated Expo manifests over 256 KB",[10,150,151],{},"If validation fails, the previous active bundle remains active.",[17,153,155],{"id":154},"runtime-safeguards","Runtime safeguards",[10,157,158],{},"Runtime delivery is protected by:",[25,160,161,164,167,170,173],{},[28,162,163],{},"authenticated OTA App Key requests",[28,165,166],{},"exact tuple matching before a bundle is served",[28,168,169],{},"active subscription checks before publishing and billable delivery",[28,171,172],{},"bounded request metadata and release metadata",[28,174,175],{},"rollout percentage, pause, resume, and rollback controls",[10,177,178],{},"Contact Otalan before unusually large or time-sensitive rollouts.",[17,180,182],{"id":181},"if-a-release-goes-wrong","If a release goes wrong",[10,184,185],{},"For a compatible web asset problem, the normal response is:",[187,188,189,192,195,198],"ol",{},[28,190,191],{},"pause the active release if more exposure should stop immediately",[28,193,194],{},"roll back to a previous known-good bundle in the same tuple",[28,196,197],{},"confirm the app receives the restored bundle on the next eligible check",[28,199,200],{},"publish a corrected bundle when ready",[10,202,203],{},"If the problem depends on native code, native plugins, permissions, entitlements, or a different runtime version, ship a new store binary and publish future OTA bundles on the new runtime line.",[17,205,207],{"id":206},"deletion-and-operational-records","Deletion and operational records",[10,209,210],{},"Archiving an app is reversible and does not delete bundle records or stored bundle files. Deleting an app removes its app-scoped release history and queues related bundle archive and Expo asset objects for housekeeping deletion from object storage.",[10,212,213],{},"Bundle files can also be deleted from a bundle row. A deleted bundle file cannot be served and cannot be used as a rollback target.",[10,215,216,217,220],{},"Otalan may keep operational metadata needed for release history, usage and billing records, audit, security review, abuse prevention, and support. For privacy, deletion, or security requests, contact ",[32,218,219],{},"contact@otalan.com",".",[17,222,224],{"id":223},"contact","Contact",[10,226,227,228,220],{},"For security reports, privacy requests, or deletion requests, contact ",[32,229,219],{},[10,231,232],{},"Include enough detail to reproduce security issues: affected area, customer impact, request shape, expected behavior, observed behavior, and whether credentials or customer data may have been exposed.",{"title":234,"searchDepth":235,"depth":235,"links":236},"",3,[237,239,240,241,242,243,244],{"id":19,"depth":238,"text":20},2,{"id":63,"depth":238,"text":64},{"id":91,"depth":238,"text":92},{"id":154,"depth":238,"text":155},{"id":181,"depth":238,"text":182},{"id":206,"depth":238,"text":207},{"id":223,"depth":238,"text":224},"How Otalan keeps OTA releases controlled: scoped keys, bundle validation, exact matching, rollout controls, rollback, deletion behavior, and support contact.","md",{},true,"\u002Fen\u002Fdocs\u002Fabout\u002Fsecurity-trust",{"title":5,"description":245},"en\u002Fdocs\u002Fabout\u002Fsecurity-trust","F8BtAI9V_n4eYqXo7grdz4S6wUVWhkte3LKPCnaNPBk",[254],{"title":255,"path":256,"stem":257,"children":258,"page":272},"En","\u002Fen","en",[259],{"title":260,"path":261,"stem":262,"children":263,"page":-1,"description":265},"Introduction","\u002Fen\u002Fdocs","en\u002Fdocs\u002Findex",[264,266,273,283,293,303,323,343],{"title":260,"path":261,"stem":262,"description":265},"Understand what Otalan is, when to use it, and how the first safe OTA release flow works for Capacitor and Expo apps.",{"title":267,"path":268,"stem":269,"children":270,"page":272},"About","\u002Fen\u002Fdocs\u002Fabout","en\u002Fdocs\u002Fabout",[271],{"title":5,"path":249,"stem":251,"description":245},false,{"title":274,"path":275,"stem":276,"children":277,"page":272},"Build","\u002Fen\u002Fdocs\u002Fbuild","en\u002Fdocs\u002Fbuild",[278],{"title":279,"path":280,"stem":281,"description":282},"Generate a bundle","\u002Fen\u002Fdocs\u002Fbuild\u002Fgenerate-bundle","en\u002Fdocs\u002Fbuild\u002Fgenerate-bundle","Prepare a release artifact that will pass Otalan's validation pipeline, including the extra considerations required for Expo-based publish flows.",{"title":284,"path":285,"stem":286,"children":287,"page":272},"Deploy","\u002Fen\u002Fdocs\u002Fdeploy","en\u002Fdocs\u002Fdeploy",[288],{"title":289,"path":290,"stem":291,"description":292},"Publish a release","\u002Fen\u002Fdocs\u002Fdeploy\u002Fpublish-release","en\u002Fdocs\u002Fdeploy\u002Fpublish-release","Submit a release through the dashboard, understand each field in the publish form, and operate the validation lifecycle with confidence.",{"title":294,"path":295,"stem":296,"children":297,"page":272},"Integration","\u002Fen\u002Fdocs\u002Fintegration","en\u002Fdocs\u002Fintegration",[298],{"title":299,"path":300,"stem":301,"description":302},"Migrate from App Center CodePush","\u002Fen\u002Fdocs\u002Fintegration\u002Fapp-center-codepush","en\u002Fdocs\u002Fintegration\u002Fapp-center-codepush","Plan a migration from Microsoft App Center CodePush to Otalan, with mapping notes, rollout guidance, and common failure modes.",{"title":304,"path":305,"stem":306,"children":307,"page":272},"Quick Start","\u002Fen\u002Fdocs\u002Fquick-start","en\u002Fdocs\u002Fquick-start",[308,313,318],{"title":309,"path":310,"stem":311,"description":312},"Capacitor quick start","\u002Fen\u002Fdocs\u002Fquick-start\u002Fcapacitor","en\u002Fdocs\u002Fquick-start\u002Fcapacitor","Wire the Otalan Capacitor runtime into an installed app so it can check for OTA updates, install compatible bundles, and confirm successful launches.",{"title":314,"path":315,"stem":316,"description":317},"Expo quick start","\u002Fen\u002Fdocs\u002Fquick-start\u002Fexpo","en\u002Fdocs\u002Fquick-start\u002Fexpo","Configure expo-updates with Otalan, add the Otalan Expo helper, and make the installed app ready to receive compatible OTA bundles.",{"title":319,"path":320,"stem":321,"description":322},"Publish in 5 minutes","\u002Fen\u002Fdocs\u002Fquick-start\u002Fquick-start","en\u002Fdocs\u002Fquick-start\u002Fquick-start","Create the first Otalan release path, publish a baseline bundle, verify one update, and prove rollback before widening rollout.",{"title":324,"path":325,"stem":326,"children":327,"page":272},"Tooling","\u002Fen\u002Fdocs\u002Ftooling","en\u002Fdocs\u002Ftooling",[328,333,338],{"title":329,"path":330,"stem":331,"description":332},"AI skill","\u002Fen\u002Fdocs\u002Ftooling\u002Fai-skill","en\u002Fdocs\u002Ftooling\u002Fai-skill","Copy a compact assistant skill for Otalan SDK setup, CLI publishing, and safe credential boundaries.",{"title":334,"path":335,"stem":336,"description":337},"CLI","\u002Fen\u002Fdocs\u002Ftooling\u002Fcli","en\u002Fdocs\u002Ftooling\u002Fcli","Learn when to use the Otalan CLI, what workflows it covers, and how it complements the dashboard instead of replacing the platform model.",{"title":339,"path":340,"stem":341,"description":342},"SDKs","\u002Fen\u002Fdocs\u002Ftooling\u002Fsdk","en\u002Fdocs\u002Ftooling\u002Fsdk","Understand the difference between the Capacitor and Expo integrations, and choose the runtime package that matches the way your mobile app actually updates.",{"title":344,"path":345,"stem":346,"children":347,"page":272},"Versions","\u002Fen\u002Fdocs\u002Fversions","en\u002Fdocs\u002Fversions",[348],{"title":349,"path":350,"stem":351,"description":352},"v1","\u002Fen\u002Fdocs\u002Fversions\u002Fv1","en\u002Fdocs\u002Fversions\u002Fv1","Supported runtimes, public limits, and post-v1 candidates for Otalan v1.",1780287525123]