BrowZine works like a very advanced and smart web browser where the links to content are presented by the BrowZine cloud service to the app and then presented to the user as a table of contents. When a user clicks on the article they want, this is then fetched from the publisher's server directly, thus enabling accurate COUNTER statistics for that publisher (full text downloads).
On the iPad, Apple's iOS Keychain is used to store user credentials, the same mechanism used for the iPad's built-in Safari web browser if a user decides to let the browser "remember my password" for a website.
The encryption used is AES 128, according to the details about the keychain starting on page 11 of this document:
For Android devices, there is no exact equivalent to the iOS keychain. However, the Android OS includes its own security measures at the device level which is then compounded by AES-128 encryption of credentials in BrowZine built by Third Iron creating a double layer of protection.
To enable authentication, we ask for your pre-proxy URL so that we can "touch" your proxy server during this transaction and we also log the username and password of the iPad user when they first login. We then pass along these credentials, which are securely encrypted on the iPad itself and NEVER passed back to the Third Iron servers, to your proxy server thus allowing you to gain access to your subscribed content from off-campus.
Beyond proxy servers, BrowZine also works great with VPN as well as Shibboleth authentication mechanisms that may work in conjunction with your proxy server.