Is AnchorGrid secure? How session encryption works
How AnchorGrid secures an iOS screen-sharing session: DTLS-SRTP encryption, peer-to-peer with encrypted relay fallback, short-lived codes, view-only, and an audit log.
If your job is to approve this before it touches a device, this page is for you. Here is exactly how an AnchorGrid session is secured, and where the honest limits are.
The sensitive thing in a screen-sharing session is the screen. So the short version: the screen is encrypted in transit between the device and the technician, the session is view-only and attended, access is gated by a short-lived code and your workspace identity, and every session is logged.
Encryption in transit
AnchorGrid streams the screen over WebRTC. The media is encrypted with DTLS-SRTP, the same standard browsers use for encrypted calls. The encryption keys are negotiated directly between the two endpoints, the user’s device and the technician’s browser, so the picture is protected the whole way across the network.
The connection path, and what the relay can see
The stream connects peer-to-peer when the network allows it. When NAT or a firewall blocks a direct path, it falls back to a TURN relay. The important part for review: the relay only forwards the already-encrypted packets. It does not hold the media keys and cannot decrypt the screen. The signaling server, likewise, only passes the setup metadata needed to establish the connection; the video does not flow through it.
Who can start a session
- A session is started from the device and identified by a 9-digit code that is valid only briefly and is claimed by a single technician. It is not a standing address anyone can dial.
- The technician has to be a signed-in member of your workspace. Sessions are scoped to the workspace; one tenant cannot see another’s.
- Workspaces support Microsoft SSO, optional two-factor for technicians, and email verification, so the account watching the screen is a real, authorized member of your team.
View-only, by design
The technician can watch the screen. They cannot tap, type, or control the device, and there is no unattended or background mode. iOS does not permit remote control or background capture for any third-party app, and AnchorGrid does not try to work around that. The user starts the broadcast themselves, iOS shows a persistent recording indicator the whole time, and stopping the broadcast or closing the app ends the stream immediately.
Session lifecycle
A session lives only while both sides are connected. The moment either side disconnects, it ends, and nothing keeps running on the device afterward. There is no persistent agent phoning home between sessions.
Audit
Every session is written to a workspace-scoped audit log, visible to your admins with role-aware visibility, so you have a record of who connected and when.
The honest limits
- It is iOS and iPadOS only, and view-only. If you need to control a device or support other platforms, this is not the tool.
- Encryption protects the screen in transit. A technician who is authorized to view a session can, of course, see whatever the user chooses to share while it is live, which is the point of a support session. Share accordingly.
The deeper security write-up lives on the product site: how AnchorGrid keeps a session secure. For the practical side, see how to view an iPhone screen remotely for IT support, and for tool selection, AnchorGrid vs TeamViewer.
AnchorGrid is in private beta. If you support iPhones or iPads and want view-only remote support without MDM, request access.
Request beta access