Open latin-panda opened 3 years ago
Hi @garethbowen @craig-landry, we still need to define the need and solution but just to let you know that this ticket exists :)
The current user session last 1 year, for 2FA to make sense it needs to be shorter than that... other partners might not benefit from a shorter session.
Just wanted to note that this session value is configurable in CouchDB.
Hi @latin-panda,
Based on the feedback we received from the partner, the following proposed additional interventions will help to strengthen CHT security:
cc @mmureithi, @freefony, @BeaWasunna-zz and @michaelkohn
- Being able to delete data when a mobile phone is lost.
- Data encryption for android devices.
CHT already supports and strongly recommends encryption on Android. As well, CHT supports remote wipe for when a phone is lost via mobile device management. For more info both, see our Securing Android Devices documentation.
Thanks for the info @mrjones-plip!! Indeed that's the CHT recommendation, I was reading further yesterday and to add up a bit on the encryption:
... all user-created data is automatically encrypted before committing it to disk and all reads automatically decrypt data before returning it to the calling process ...
developer options
. Please check the official brand and Android documentation. About the CHT Framework itself: We use PouchDB that helps us with the support for offline users, PouchDB doesn't appear to have a built-in encryption however there are some plugins (crypto-pouch, pouch-box, transform-pouch) that attempt to include encryption but in my opinion these aren't mature enough/not enough supporters, can decrease performance (which we try really hard to keep it good), might not fully encrypt the db (form attachments not encrypted, decrypts before replicating anyway), etc...
I consider that Android cover enough the encryption at lower level which is performant.
--
Regarding the deletion of data when a mobile phone is lost Google's mobile management is great solution as it will cover any other data like videos, documents, photos and apps in the phone, not only CHT-Android app, so it's just 1 action per lost phone.
--
@antonykhaemba @mmureithi, based on the partner feedback in the last meeting, do you think that Android's file based encryption and Google's mobile management resolve their concern and this ticket?
I realized I marked this as scheduled for 3.14.0 when I had not intended to. I'm removing the milestone now. There are some interesting aspects to this, but not what we can do within the 3.14.0 release. Through the thread here it sounds like some of the desired protections may be provided by Android. If they are, great. Outside of that, this is not intended for active development right now.
Hi @antonykhaemba @mmureithi @freefony, this is the explanation I mentioned yesterday in the squad meeting.
Please let us know if the partner has further concerns that would like to review.
Feature I-TECH Malawi is looking to strengthen their user account security in CHT-Core Desktop and Android app.
Describe a possible solution The partner suggestion is to implement two factor authentication, however there are several considerations around the implementation, some are:
Describe alternatives considered Add a PIN to CHT-Android app when returning from the background to stop other people from accessing.
Additional context A discovery process is needed to determine the partner's root concern and be able to find a solution that best fit to the partner and CHT as community.
The partner has approved a budget for this work.
Team: @antonykhaemba @BeaWasunna-zz @michaelkohn @mmureithi