a. What is your security recommendation? Why did you choose it?
The security measures I think our app will need in the future when Authorization is implemented is the Android Keystore for Data Storage to securely store authentication credentials (access tokens and encrypted passwords) to make sure that the user’s credentials are not included in device backups. Android keystore has a hardware-backend storing mechanism to protect user sensitive information if the device is compromised.
b. Who does the recommendation benefit (end-user, developer, etc.)?
This benefits both end-users and devOps as it protects the end-user’s credentials and sensitive information, and reduces risks for devOps and liability holding sensitive data.
d. When would the recommendation have to be implemented (based on how serious the security risk is)?
Since credentials and sensitive data can be a high-severity risk, ideally it should be implemented as soon as possible.
e. Why do you think your project needs your recommendation?
Sensitive data should always be protected from anyone who is unauthorized to handle them. Once authorization will be implemented, protection of information will be required.
f. How do you think your recommendation could be applied?
Store authentication tokens or keys in Android keystore by writing the access token into Keystore given to a user who logs in and create backup rules to ensure sensitive data is not part of it.
i. How feasible would the implementation be?
Androids built in APIs and documentation along with common libraries should allow for ease in implementing security
a. What is your security recommendation? Why did you choose it?
The security measures I think our app will need in the future when Authorization is implemented is the Android Keystore for Data Storage to securely store authentication credentials (access tokens and encrypted passwords) to make sure that the user’s credentials are not included in device backups. Android keystore has a hardware-backend storing mechanism to protect user sensitive information if the device is compromised.
b. Who does the recommendation benefit (end-user, developer, etc.)?
This benefits both end-users and devOps as it protects the end-user’s credentials and sensitive information, and reduces risks for devOps and liability holding sensitive data.
d. When would the recommendation have to be implemented (based on how serious the security risk is)?
Since credentials and sensitive data can be a high-severity risk, ideally it should be implemented as soon as possible.
e. Why do you think your project needs your recommendation?
Sensitive data should always be protected from anyone who is unauthorized to handle them. Once authorization will be implemented, protection of information will be required.
f. How do you think your recommendation could be applied?
Store authentication tokens or keys in Android keystore by writing the access token into Keystore given to a user who logs in and create backup rules to ensure sensitive data is not part of it.
i. How feasible would the implementation be?
Androids built in APIs and documentation along with common libraries should allow for ease in implementing security