Thanks Marta, I appreciate the feedback and will look into those links.
Regards
Ed

-----Original Message-----
From: Marta Vila [mailto:martav...@gmail.com] 
Sent: Wednesday, 21 February 2018 11:23 AM
To: Edward Robinson <erobin...@projectbalance.com>
Cc: Ignacio Foche <nacho.fo...@gmail.com>; dhis2-users 
<dhis2-users@lists.launchpad.net>
Subject: Re: [Dhis2-users] Android applications security risk

Hi Ed,

those request were actually pretty popular when we had the community feedback 
and they are being included in the new App. Unfortunately they will not be 
present in the current Apps.

These are a fre Jira issues about improving security that you might want to 
follow  up:

- Do not delete data when user logs out
https://jira.dhis2.org/browse/ANDROAPP-582
- Lock app to prevent unauthorised access
https://jira.dhis2.org/browse/ANDROAPP-590
- Block after Multiple access Failure https://jira.dhis2.org/browse/ANDROAPP-616
- Access auditing  https://jira.dhis2.org/browse/ANDROAPP-610
- Encrypt data base  https://jira.dhis2.org/browse/ANDROAPP-588

Best,
Marta


On 19/02/2018, Edward Robinson <erobin...@projectbalance.com> wrote:
> Thanks Ignacio, hopefully it will be implemented soon.  I don’t think 
> it’s unexpected in some communities for people using the app to be 
> sharing their device with other friends / family if it’s a personal 
> device.  I’m not familiar with the technical side of the application, 
> do you know if the data on the device is encrypted at rest?
> Regards
> Ed
>
> From: Ignacio Foche [mailto:nacho.fo...@gmail.com]
> Sent: Monday, 19 February 2018 3:36 AM
> To: Edward Robinson <erobin...@projectbalance.com>
> Cc: dhis2-users <dhis2-users@lists.launchpad.net>
> Subject: Re: [Dhis2-users] Android applications security risk
>
> Hi Ed,
>
> In the Current DHIS2 Apps there's no way to ask for the password in a 
> per-session basis (nothing like a sign-out + sign-in without DB wipe). 
> As far as I know, there are plans for this on the new app (at least 
> we've already provided such a function in the new SDK) but regarding 
> the new app roadmap I'm not the appropriate person to talk, so I leave 
> Marta to complete my answer.
>
> In the meanwhile, I would suggest protecting your device with a PIN, 
> so only the authorized person can unblock the device.
>
> I hope it helps.
>
> Best regards
>
> Le ven. 16 févr. 2018 à 19:18, Edward Robinson 
> <erobin...@projectbalance.com<mailto:erobin...@projectbalance.com>> a 
> écrit
> :
> Is there any way to sign out of the Android application?  We’re 
> wanting to use it to track highly sensitive patient level data in the 
> field but can’t find a sign out option in the application.  I’m 
> concerned that if a field worker loses a phone this is a serious 
> security risk.  Am I missing something, or is there no way to sign out 
> of the application without wiping the local data?  Is this a feature still 
> planned for future?
>
> Regards
> Ed
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-users
> Post to     :
> dhis2-users@lists.launchpad.net<mailto:dhis2-users@lists.launchpad.net
> > Unsubscribe : https://launchpad.net/~dhis2-users
> More help   : https://help.launchpad.net/ListHelp
> --
> Ignacio Foche Pérez
>
_______________________________________________
Mailing list: https://launchpad.net/~dhis2-users
Post to     : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help   : https://help.launchpad.net/ListHelp

Reply via email to