Data protection after app is exited

  • 2
  • Question
  • Updated 6 years ago
Hi,

If a PG app retrieves sensitive data via a SSL secured web service and displays that data what happens when the app exits?

Is the data still available in the webviews (device browsers?) cache / history? Does it depend on the device platform?

Also is there any way that a GP app's data can be encrypted so if the device was lost then any data in local storage would not be accessible.

thanks,
Photo of John Taylor

John Taylor

  • 13 Posts
  • 0 Reply Likes

Posted 8 years ago

  • 2
Photo of Andrew Lunny

Andrew Lunny

  • 1911 Posts
  • 199 Reply Likes
Good question - which platforms are you developing for?
Photo of John Taylor

John Taylor

  • 13 Posts
  • 0 Reply Likes
Primarily Android but also potentially iOS and Windows Phone.
Photo of Patrick Patterson

Patrick Patterson

  • 1 Post
  • 0 Reply Likes
Once this information is determined can it be added to the docs for easy finding.
Photo of Andrew Lunny

Andrew Lunny

  • 1911 Posts
  • 199 Reply Likes
As far as I know the PhoneGap/Cordova framework doesn't do anything in particular - if the webview is caching it, PhoneGap doesn't do anything to clear it.

I'll point some of the native developers to this thread and see what their input is.
Photo of Shazron

Shazron, Developer Level 42

  • 37 Posts
  • 2 Reply Likes
I can only speak for iOS. What we do is inherited from the system UIWebView (UIKit behaviour). Some answers below.

Q1. If a PG app retrieves sensitive data via a SSL secured web service and displays that data what happens when the app exits?

A1. If it's SSL, it is encrypted. It may be cached by the system (but again, encrypted).

Q2. Is the data still available in the webviews (device browsers?) cache / history? Does it depend on the device platform?

A2. This data is sandboxed only for your app, and not accessible by Mobile Safari nor other apps' UIWebViews.

Q3. Also is there any way that a GP app's data can be encrypted so if the device was lost then any data in local storage would not be accessible.

A3. This can only be possible if the user put a PIN lock on their device, this will encrypt all data. You can however, encrypt this data before storing in localStorage. This is proprietary to iOS, but you can use the iOS Keychain to store your data (the data there is encrypted).
Photo of Rckt

Rckt

  • 5 Posts
  • 0 Reply Likes
Shazron - do you have any examples of the technique in A3?