dhis2-users team mailing list archive

[Marta Vila <martavila@xxxxxxxxx>]

Hi Ed,

those request were actually pretty popular when we had the community
feedback and they are being included in the new App. Unfortunately
they will not be present in the current Apps.

These are a fre Jira issues about improving security that you might
want to follow  up:

- Do not delete data when user logs out
https://jira.dhis2.org/browse/ANDROAPP-582
- Lock app to prevent unauthorised access
https://jira.dhis2.org/browse/ANDROAPP-590
- Block after Multiple access Failure https://jira.dhis2.org/browse/ANDROAPP-616
- Access auditing  https://jira.dhis2.org/browse/ANDROAPP-610
- Encrypt data base  https://jira.dhis2.org/browse/ANDROAPP-588

Best,
Marta


On 19/02/2018, Edward Robinson <erobinson@xxxxxxxxxxxxxxxxxx> wrote:
> Thanks Ignacio, hopefully it will be implemented soon.  I don’t think it’s
> unexpected in some communities for people using the app to be sharing their
> device with other friends / family if it’s a personal device.  I’m not
> familiar with the technical side of the application, do you know if the data
> on the device is encrypted at rest?
> Regards
> Ed
>
> From: Ignacio Foche [mailto:nacho.foche@xxxxxxxxx]
> Sent: Monday, 19 February 2018 3:36 AM
> To: Edward Robinson <erobinson@xxxxxxxxxxxxxxxxxx>
> Cc: dhis2-users <dhis2-users@xxxxxxxxxxxxxxxxxxx>
> Subject: Re: [Dhis2-users] Android applications security risk
>
> Hi Ed,
>
> In the Current DHIS2 Apps there's no way to ask for the password in a
> per-session basis (nothing like a sign-out + sign-in without DB wipe). As
> far as I know, there are plans for this on the new app (at least we've
> already provided such a function in the new SDK) but regarding the new app
> roadmap I'm not the appropriate person to talk, so I leave Marta to complete
> my answer.
>
> In the meanwhile, I would suggest protecting your device with a PIN, so only
> the authorized person can unblock the device.
>
> I hope it helps.
>
> Best regards
>
> Le ven. 16 févr. 2018 à 19:18, Edward Robinson
> <erobinson@xxxxxxxxxxxxxxxxxx<mailto:erobinson@xxxxxxxxxxxxxxxxxx>> a écrit
> :
> Is there any way to sign out of the Android application?  We’re wanting to
> use it to track highly sensitive patient level data in the field but can’t
> find a sign out option in the application.  I’m concerned that if a field
> worker loses a phone this is a serious security risk.  Am I missing
> something, or is there no way to sign out of the application without wiping
> the local data?  Is this a feature still planned for future?
>
> Regards
> Ed
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-users
> Post to     :
> dhis2-users@xxxxxxxxxxxxxxxxxxx<mailto:dhis2-users@xxxxxxxxxxxxxxxxxxx>
> Unsubscribe : https://launchpad.net/~dhis2-users
> More help   : https://help.launchpad.net/ListHelp
> --
> Ignacio Foche Pérez
>