Can a Collect admin password be bypassed?

Is it possible to bypass the password of admin?

I fear that there may be a risk of unauthorized individuals gaining access to the admin password, potentially leading to data breaches, tampering, or other malicious activities that could compromise the integrity and confidentiality of our information.

It is technically possible for someone to get access to a Collect project's admin password or restricted settings but unlikely. It would require someone to get physical access to the device while it is unlocked and to be able to get root access to it.

The admin password protects access to restricted settings and can be used to do things like limit access to filled data from Collect. It does not provide additional security beyond that.

Are you mostly concerned about data collectors themselves tampering with the configuration or with external actors?

The most important thing you can do for Collect security is making sure the device is secure:

  • Make sure the device automatically locks and is secured with a PIN or biometrics.
  • Make sure you trust the device manufacturer. Some low-cost Android device manufacturers are known to or suspected of including malicious software or security measures that can be bypassed. Here is an article that finishes with a good list of things to consider when picking device brands.
  • Don't root your devices. In the specific case of the admin password, a user with root access to the device can recover it.
  • Make sure firmware and software are up to date.

It's also possible to get the admin password from the QR code if it's included because it is only base64 encoded, not encrypted.
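
To audit a settings QR code before it is shared, the following added example (not part of the thread and not ODK's own code) decodes the payload and reports whether it carries a password. It assumes the QR text is base64 over JSON that may be zlib-compressed first, and that secrets sit under keys named `admin_pw` and `password`; the function names and sample payloads are constructed for illustration.

```python
import base64
import binascii
import json
import zlib

# Assumed key names for secrets in a settings payload (not stated in the thread).
SENSITIVE_KEYS = {"admin_pw", "password"}


def decode_settings_payload(qr_text: str) -> dict:
    """Decode the text read from a settings QR code into a dict of settings."""
    compact = "".join(qr_text.split())  # tolerate line-wrapped base64
    try:
        raw = base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("payload is not valid base64") from exc
    try:
        raw = zlib.decompress(raw)  # assumption: payload may be compressed
    except zlib.error:
        pass  # not compressed: treat the decoded bytes as JSON directly
    try:
        settings = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError("payload does not contain JSON settings") from exc
    if not isinstance(settings, dict):
        raise ValueError("settings payload is not a JSON object")
    return settings


def find_exposed_secrets(settings, path="") -> list:
    """Return dotted paths of non-empty secret fields, never the values."""
    found = []
    if isinstance(settings, dict):
        for key, value in settings.items():
            here = f"{path}.{key}" if path else key
            if key in SENSITIVE_KEYS and value not in (None, ""):
                found.append(here)
            else:
                found.extend(find_exposed_secrets(value, here))
    return sorted(found)


# Constructed sample payloads: one embeds an admin password, one does not.
_with_pw = {"general": {"server_url": "https://example.org", "password": ""},
            "admin": {"admin_pw": "constructed-example"}}
_without_pw = {"general": {"server_url": "https://example.org"}, "admin": {}}
SAMPLE_QR_TEXT = base64.b64encode(
    zlib.compress(json.dumps(_with_pw).encode("utf-8"))).decode("ascii")
SAMPLE_QR_SAFE = base64.b64encode(json.dumps(_without_pw).encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    print(find_exposed_secrets(decode_settings_payload(SAMPLE_QR_TEXT)))
```

A non-empty result means anyone who can photograph or scan that QR code can read the password, so generate the shared code without it.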