When the user chooses to encrypt a note, the text of that note is secured via the Themis Open Source library (AES-GCM-256 with ZRTP KDF) with a per note unique encryption key.

The password is stored for biometric authentication using Apple’s SecureEnclave through the Valet Open Source library.

These are only highlights of the security structure we adopt in Bear. If you want to read an in-depth analysis you can read the blog post from Cossack Labs, the security firm we have collaborated with to make it all happen.