google / taqo-paco

Desktop and new mobile client apps for the Paco user behavior research platform (https://www.pacoapp.com/).
Apache License 2.0

Secure user data on macOS #9

Open taqo-issues-bot opened 3 years ago

taqo-issues-bot commented 3 years ago

Issue by rundong08 Fri Dec 13 22:20:42 2019

On iOS and Android, all the user data are written into a private container that other apps cannot access. On macOS, although the user data are still written into a sandboxed container, that sandbox can be accessed from outside, namely at ~/Library/Containers/your.app.bundleId. This may cause privacy issues when the surveys are sensitive (e.g. health-related). We need to secure user data on macOS (e.g. by encryption).

Note that not only the SQLite database, but also the files storing joined experiments, need to be protected. For example, one may infer a user's health condition based on which health-related experiments the user has joined.

taqo-issues-bot commented 3 years ago

Comment by BobEvans Fri Dec 13 22:29:33 2019

Related: Mike is converting local storage to use flutter_secure_storage which will cover the experiments case. It is unclear if this is a good idea for the events data (sqlite) since it can grow to be very large.

taqo-issues-bot commented 3 years ago

Comment by rundong08 Fri Dec 13 23:04:18 2019

Maybe one can use flutter_secure_storage to store an encryption key and store the real database in the file system but encrypted using that key.

BTW, the API of flutter_secure_storage seems to be designed for iOS and Android exclusively. For example, they have iOptions and aOptions explicitly in the API argument write({@required String key, @required String value, IOSOptions iOptions, AndroidOptions aOptions}). Extending it to other OSes may break the API compatibility with upstream.

taqo-issues-bot commented 3 years ago

Comment by BobEvans Wed Dec 18 21:57:41 2019

Good idea.

On macOS we can do the same thing with KeyChain; we may just have to do a platform-specific branch, either to using the flutter_secure_storage plugin or to using KeyChain.

On Linux?
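As an added example (not code from the taqo-paco project or from anyone in this thread), here is the design rundong08 proposes and BobEvans endorses above, written in Go with the standard library's AES-256-GCM: the only secret kept in the platform secret store (Keychain on macOS, flutter_secure_storage on iOS/Android, represented here by an assumed KeyStore interface with an in-memory stand-in) is a 32-byte key, and the bulk data file in the container directory is ever written only as ciphertext. The key name, the file name and the sample experiment content are constructed for the example. GCM's authentication tag also makes a wrong key or a modified file fail loudly instead of decoding garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

const keySize = 32 // AES-256

// KeyStore stands in for the platform secret store that holds only the key
// (Keychain, flutter_secure_storage). Assumed interface, not from taqo-paco.
type KeyStore interface {
	Get(name string) ([]byte, bool)
	Put(name string, key []byte)
}

// MemoryKeyStore is a constructed in-memory stand-in so the example runs
// anywhere; a real app would back this with the OS keychain.
type MemoryKeyStore struct{ m map[string][]byte }

func NewMemoryKeyStore() *MemoryKeyStore { return &MemoryKeyStore{m: map[string][]byte{}} }

func (s *MemoryKeyStore) Get(name string) ([]byte, bool) { k, ok := s.m[name]; return k, ok }

func (s *MemoryKeyStore) Put(name string, key []byte) { s.m[name] = key }

// LoadOrCreateKey fetches the data-encryption key from the secret store, or
// generates a random one on first run and stores it there.
func LoadOrCreateKey(ks KeyStore, name string) ([]byte, error) {
	if k, ok := ks.Get(name); ok {
		if len(k) != keySize {
			return nil, errors.New("stored key has unexpected length")
		}
		return k, nil
	}
	k := make([]byte, keySize)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return nil, err
	}
	ks.Put(name, k)
	return k, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates plaintext under a fresh random nonce.
// Output layout: nonce || ciphertext || 16-byte tag.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal. The tag check fails on a wrong key or any modified
// byte, so a tampered file is rejected rather than silently decoded.
func Open(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("encrypted blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// SampleExperiments is constructed content for the joined-experiments file.
const SampleExperiments = `[{"id":101,"title":"(constructed) sleep study"}]`

// SaveExperiments and LoadExperiments are the file round trip inside the
// container directory: only ciphertext ever reaches disk.
func SaveExperiments(path string, key, data []byte) error {
	blob, err := Seal(key, data)
	if err != nil {
		return err
	}
	return os.WriteFile(path, blob, 0o600)
}

func LoadExperiments(path string, key []byte) ([]byte, error) {
	blob, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	return Open(key, blob)
}

func main() {
	ks := NewMemoryKeyStore()
	key, err := LoadOrCreateKey(ks, "taqo-data-key") // hypothetical key name
	if err != nil {
		panic(err)
	}
	dir, _ := os.MkdirTemp("", "taqo-container")
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "experiments.enc")
	if err := SaveExperiments(path, key, []byte(SampleExperiments)); err != nil {
		panic(err)
	}
	back, err := LoadExperiments(path, key)
	fmt.Printf("round trip ok=%v plaintext=%s\n", err == nil, back)
}
```

Whole-file encrypt-on-write suits the small joined-experiments file. For the large, frequently updated SQLite events database that BobEvans is worried about, the same key-in-keychain arrangement is normally used to key a page-encrypting SQLite build such as SQLCipher, rather than re-encrypting the entire file on every write; the platform branch (Keychain vs. flutter_secure_storage) then only changes where the key comes from.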