Our Open LMS customer had noticed that the Open LMS Mobile App allows for Download Course/Download Courses available in their Mobile Apps. We have assisted our customer to disable Open LMS Mobile App "download the courses offline" feature accordingly and further discovered that the files stored in Mobile App are unencrypted.

In short, even when the feature is disabled, the learning materials are retained in the app as it is still in the app’s cache. As such, when the device is connected to a computer, the learners could potentially download the content (pdf, SCORM, quiz questions, etc.) and share them with other people and/or on social media.

Our Open LMS customer is deeply concerned with this and requested that Open LMS considers the suggestion to encrypt such learning materials via the system level. Citing some examples that they provided, such as Netflix or Spotify, whereby the app allows for downloading, but the contents are only playable on the app itself.

Please let us know your view point of this matter and the level of looking into such essential security for safeguarding the offline contents.