Project Phase 6: Security Recommendations #8
Description
Security Recommendations
What is your security recommendation? Why did you choose it?
For our security recommendation, I feel like focusing on implementing a better level of Data Storage would be the strongest addition to our application to improve the users’ experience, and ensure our application has appropriate storage to ensure our customers’ safety. The main reasons this would be the way to go is that there would be no sensitive data shared with third parties unless explicitly being asked and giving the user the choice of what to and what to not share, and having no sensitive data ever written to application logs it ensures the safety of the information if there was any type of breach. With our application being tied to the users’ account to load data, having no sensitive data exposed through the user interface, like signing in what a password or adding a payment method if needed would add a strong layer of defense. If the user resets or purchases a new phone and wants to use a backup of previous data our application will not save sensitive information, so the user will have to manually input everything again, and with it being a mobile app, having sensitive data removed when the app is running in the background will give our users’ the ease of mind with their data.
Who does the recommendation benefit (end-user, developer, etc.)?
This recommendation benefits both the user and the developer. The users’ top priority will most likely be the security and safety of their information when downloading an application, and creating an account that uses a password that stores an email address full name and possibly payment information and address, having this security feature would be a strong influence on if the user downloads our application. I also personally feel that this recommendation benefits the developer as well. Creating an application there are morals and pressure in play to make sure all of the people willing to download and try a new application are satisfied and safe. A strong and secure app will ease the developers mind knowing there are layers of defense in play to make sure people are safe and not having their information stolen and having to deal with bad reviews and emails from users asking why their information has been exposed.
When would the recommendation have to be implemented (based on how serious the security risk is)?
This recommendation should be implemented during development and ideally in the planning phase of the app. Having any type of personal information saved or used in an application is a strong security risk and needs to be implemented and tested vigorously before the app goes live.
Why do you think your project needs your recommendation?
Our project needs this recommendation because we have implemented an account that displays the name and email address currently of the user. Having any type of information saved in an account and having preferences and playlists saved should be looked at as a security risk right away and currently, we don’t have any measures in place to defend against any type of breach.
How do you think your recommendation could be applied? / How feasible would the implementation be?
We could incorporate secure data encryption and local storage, SQLite for example could be a good choice to look at as it incorporates local lightweight storage for mobile apps and has features like database encryption for 256-bit AES encryption of files. Ensuring that sensitive data is not stored or displayed without the users’ permission and giving them a clear option to set on the interface. Feasibility would require a lot of time and effort spent in research and expertise in making sure all measures are coded correctly and have been constantly tested with every change, and continued testing up until the app goes live. Doing this ensures that our users will have trust in our application and help with the success and sustainability of the app.