WEKIT-ECS / MIRAGE-XR

MirageXR is a reference implementation of an XR training system. MirageXR enables experts and learners to share experience via XR and wearables using ghost tracks, realtime feedback, and anchored instruction.

Possibility to delete account (Apple requirement) #797

Open wekitecs opened 2 years ago

wekitecs commented 2 years ago

In GitLab by @fominykh on Jan 24, 2022, 14:43

By 30.06.2022, we need to add a feature to delete user account. The new requirement by Apple is that if the app allows to create a user account, it must also allow to delete it. Currently, we do not have account creation in the mobile app, but I think there is a plan to add this feature.

wekitecs commented 2 years ago

In GitLab by @fominykh on Jan 24, 2022, 14:43

changed due date to June 01, 2022

fominykh commented 2 years ago

In Moodle, I do not see a possibility to delete my user account from my profile. Reading forums, people say that there should be an option for a regular user to request account deletion, which triggers a message to an admin. This is a bit too manual... We need to investigate how to allow our Moodle users to delete their profiles with an option to delete all user data. @cawke needs an API function to allow this in the app.

fwild commented 2 years ago

Found this: https://moodle.org/plugins/local_gdpr_deleteuserdata (but it was built for Moodle 3.5, may not work anymore?)

fwild commented 2 years ago

But I think this has moved into Moodle core - something along the lines of this: https://support.moodle.com/support/solutions/articles/80000946035-delete-my-data-from-a-moodlecloud-site

I cannot find options to enable the data requests in Moodle, though - for me they do not show up under profile...?

fwild commented 2 years ago

https://docs.moodle.org/36/en/Data_privacy

fwild commented 2 years ago

and it says it is part of Moodle core since 3.5: https://moodle.org/plugins/tool_dataprivacy

fwild commented 2 years ago

Found it. Needed to switch on:

Contact the privacy officer (tool_dataprivacy | contactdataprotectionofficer)
Default: No
If enabled, users will be able to contact the privacy officer and make a data request via a link on their profile page.

Now anyone can click on this link: https://learn.wekit-ecs.com/admin/tool/dataprivacy/createdatarequest.php?type=2 and request deletion.

fwild commented 2 years ago

I propose we simply link to this?

fominykh commented 2 years ago

So, there is still a manual step for an admin to process a deletion request, right? I guess it is sufficient for Apple.

fwild commented 2 years ago

We can activate the 'confirm deletion requests automatically', but I think it is too dangerous - and users could easily delete themselves by mistake?

fominykh commented 2 years ago

We can go with the final step being manual at the moment. I am thinking, this will be different on each Moodle instance, possible to be configured by the admin of an enterprise customer.

fwild commented 2 years ago

Agree.

cawke commented 2 years ago

> I propose we simply link to this?

It won't pass Apple's inspection. We need to delete the account from the app, not open the page in the browser. If we don't have access to the API, we can open the page in webview directly in the app, but we have to open the page with the user already logged in.

fwild commented 2 years ago

Hm. That is indeed then more complicated - as we have to emulate the whole login process (or activate the web service login), and I am not sure whether there is a remoting function available for filing the deletion data request. Needs some more digging!

The last bit, that deletion is immediate without admin intervention, can be configured - I have seen that we can set a checkbox in the admin settings, which allows users executing their deletion request directly.

fominykh commented 2 years ago

@fwild if you worry that users will delete their profiles and content by mistake, we can add warnings in the app and ask them to type DELETE or something similar, before giving them the access to the delete button.

fwild commented 2 years ago

I worry most about security attacks if deleting via an API is introduced. Need to make sure this is airtight, so that we are not prone to hacker attacks!

fwild commented 2 years ago

I checked how the Moodle app does it - and the Moodle app only allows to locally remove the account data from your device - your account still exists on the Moodle site. While I think it is a good idea to add deletion from remote (especially if we offer signup from remote), maybe we would be able to get away with the same approach?

fominykh commented 2 years ago

So, do you suggest that on the "Delete account" screen in the app, we need two buttons:

fwild commented 2 years ago

Here is the http request documented: https://stackoverflow.com/questions/52896277/login-api-via-webservice-in-moodle

You can try it out directly (with GET): https://arete.ucd.ie/login/token.php?username=YOUR_FORM_USERNAME&password=YOUR_FORM_PASSWORD&service=moodle_mobile_app

I can confirm this works for me, and I get a valid json response: {"token":"mytokenblbla","privatetoken":"myprivatetokeblabla"}
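Added example, not part of the thread or of the MirageXR code base: a client for the `login/token.php` call quoted above that sends the credentials in a POST body over HTTPS, so they do not end up in URLs, proxy logs or browser history, and that masks the token before anything is logged. It assumes the endpoint accepts the same parameters via POST; the host name, the function names and the failure-reply shape are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

def build_token_request(base_url, username, password, service="moodle_mobile_app"):
    """Build a POST request for login/token.php with credentials in the body."""
    if urllib.parse.urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    body = urllib.parse.urlencode(
        {"username": username, "password": password, "service": service}
    ).encode("utf-8")
    url = base_url.rstrip("/") + "/login/token.php"
    # Passing data= makes urllib issue a POST; the URL itself carries no secrets.
    return urllib.request.Request(url, data=body, method="POST")

def parse_token_response(raw):
    """Return the token from a token.php JSON reply, or raise on an error reply."""
    reply = json.loads(raw)
    if "token" not in reply:
        # Assumed failure shape: a JSON object with "error"/"errorcode" keys.
        raise PermissionError(reply.get("errorcode", "unknown_error"))
    return reply["token"]

def redact(reply_text):
    """Mask token values so the reply can be written to a debug log."""
    reply = json.loads(reply_text)
    for key in ("token", "privatetoken"):
        if key in reply:
            reply[key] = "<redacted>"
    return json.dumps(reply, sort_keys=True)

def fetch_token(base_url, username, password):
    """Network call (not exercised by the samples below)."""
    req = build_token_request(base_url, username, password)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read().decode("utf-8"))

# Constructed sample replies; the first mirrors the JSON quoted in the comment.
SAMPLE_OK = '{"token":"mytokenblbla","privatetoken":"myprivatetokeblabla"}'
SAMPLE_FAIL = '{"error":"Invalid login","errorcode":"invalidlogin"}'

if __name__ == "__main__":
    req = build_token_request("https://moodle.example.org", "alice", "s3cret")
    print(req.get_method(), req.full_url)
    print(redact(SAMPLE_OK))
```
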

fwild commented 1 year ago

Plan: add web view for registration and web view for delete request; but also investigate if we want to set up https://www.keycloak.org/

fwild commented 1 year ago

API details: https://www.keycloak.org/docs-api/21.0.1/rest-api/index.html