Discussion about Server-App-Architecture

[haetze]

Finances are sensible topic. Trusting someone to store it on their Server requires special precautions. I would argue that it is safer to make all calculations local such that no data leaves the device.

[Feniel]

Our idea was to build an instance on your own server which takes the images from the phone an analyze it and store the numbers. Is your Idea to keep all data on the phone and store it there or just do the calculations on the phone and send the data to the server ?

[haetze]

I would expect to have all the data on the phone (or computer) where it is created. Allowing for file/db export seems reasonable, but having a continues stream of data from the phone to the server introduces an additional attack vector. Back ups solutions can be implemented separately (maybe platform dependent).

[tstelzle]

This seems reasonable. But this also means, that we would have to implement the reading and analyzing of the picture on every new platform we want to add. Wouldn't it be better to look for a way to securely send the picture to the server?

[haetze]

If you would control the server that seams feasible. The problem is that the burden of securing the connection moves partially to the user. This means that this discussion is also a discussion about the target audience. (End User vs. Tech people wanting an overview of their (and their friends and families) Finances)

[haetze]

We could also investigate Cross-Platform development for picture analysis.

[Feniel]

Actually we only wanted to use this for ourselves. But the point with the storage and the target audience is also justified. Would it be possible to choose at the beginning of the installation of the app if you process the data on your mobile phone or on a server? That would be a good compromise for your own benefit, and yet it also focuses on a larger number of users.

[tstelzle]

We could also investigate Cross-Platform development for picture analysis.

As Feniel suggested, I would first focus on making the server application and then make an option for running it on your device. I would then investigate cross-platform development.