Some of my thoughts on top of Mitch's answer:
#1 - Here, I am assuming that you guys will enable the SD card encryption
and set the passcode for each device manually before the project rollout.
This means you will take care of mapping each device passcode and the
device itself (somehow labeled with Unique ID) on the server (This is for
recovery just in case the data collector forgets the passcode). Here are
the difficulties with this assumption:
a. It will be cumbersome once you pass more than a few devices (like 50),
so large scale will be a nightmare.
b. You are locking down the device with a single passcode access, which
means it is not possible to share devices among data collectors unless they
share the same passcode.
c. The account recovery procedure will still be difficult.
If you are assuming the data collector will set up the SD card encryption, I
would like to hear how you manage the account and data recovery procedure
when they lose their passcode.
As Mitch stated, once the device is unlocked, the data is available to all
installed apps. If you have a malicious app by chance, it can easily
compromise the data. In addition, the encryption feature is not available
on all devices; for instance, Android 4.0 (ICS) does not have the ability
to encrypt removable storage:
https://groups.google.com/forum/?fromgroups=#!topic/android-security-discuss/vZy-cHC0Dnw
#3. No. The ODK binary is signed (self-signed) by the project (if it is a
customized app) or by ODK (the default). The Play store doesn't sign the
app; instead it uses a tool called "Bouncer" to simulate the app and check
against some known malicious behavior. Google introduced this tool to
mitigate the high rate of malicious apps in the Play store (it used to be
around 220%; after the tool, it is estimated at 40%).
The signing is for keeping the integrity of the app, for updates signed by
the app owner, and for process/userID sharing among multiple apps signed by the
same key. The Android platform enforces this during app installation and
updates. On a rooted device, this function still exists, but as Mitch said, it
is impacted. If you are considering rooted devices, I would be more concerned
with SD card encryption (which relies heavily on platform security features).
We have come a long way to address the security issues in mobile data
collection systems. Here is a reference:
https://bora.uib.no/handle/1956/10652 and testing is underway to provide
some of the security features on ODK. If you are concerned with data
protection while data is at rest or in transit (No CA certificate is
needed), user authentication (both local and remote, multi-user support per
device, recovery both data + account), we can have further discussion.
Best,
Samson Gejibo, PhD
University of Bergen | Department of Informatics
Thormøhelnsgt. 55, Postboks 7800
NO-5020 Bergen
Office: +4755584278
Mobile: +4745137535
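Since the thread's point #3 is that the Play store does not sign the APK and "genuine" really means "signed by the project's or ODK's own key", the practical check on the deploying side is to pin the signing certificate's digest and refuse any APK whose signer differs. The script below is an added example for this discussion, not code from ODK or from anyone in the thread; it assumes `apksigner` from the Android SDK build-tools is on the PATH, and the `EXPECTED_SHA256` value is a placeholder to be replaced with the digest taken from a trusted copy of the APK.

```shell
#!/bin/sh
# Added example: pin the APK signer certificate so that "genuine" means
# "signed by the key we expect", not "downloaded from the Play store".
# PLACEHOLDER digest; obtain the real one from a trusted copy of the APK.
EXPECTED_SHA256="0000000000000000000000000000000000000000000000000000000000000000"

# Read the output of `apksigner verify --print-certs <apk>` on stdin and
# print the lowercase SHA-256 digest of signer #1's certificate (or nothing).
extract_signer_digest() {
    sed -n 's/^Signer #1 certificate SHA-256 digest: *\([0-9a-fA-F]*\).*/\1/p' \
        | head -n 1 | tr 'A-F' 'a-f'
}

# Compare an extracted digest against the pinned value.
# Returns 0 on match, 1 when the digest is missing or different.
verify_pinned_digest() {
    digest="$1"
    expected="$2"
    [ -n "$digest" ] || return 1
    [ "$digest" = "$expected" ]
}

# Full check on an APK file; requires apksigner (Android SDK build-tools).
# Usage: check_apk path/to/collect.apk
check_apk() {
    apk="$1"
    digest=$(apksigner verify --print-certs "$apk" | extract_signer_digest)
    if verify_pinned_digest "$digest" "$EXPECTED_SHA256"; then
        echo "OK: $apk is signed by the pinned certificate"
    else
        echo "REJECT: $apk signer digest '${digest:-<none>}' does not match the pin" >&2
        return 1
    fi
}
```

Run `check_apk` before sideloading a build onto the fleet; a rooted device can bypass the platform's own signature enforcement, so this check belongs on the machine that prepares the devices, where the pinned value is under your control rather than the device's.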
On Fri, Nov 13, 2015 at 4:14 PM, Tom Smyth wrote:
Hi folks. Are these assumptions correct:
- ODK stores data on the sdcard, so if the sdcard is encrypted by
Android, then all ODK data on the phone is as secure as the phone's
encryption system
- ODK data is sent to the server via SSL, so all ODK data
transmission is as secure as SSL itself
- The ODK binary is signed by the Play store so we can assume it is
genuine.
Thanks.
--
Tom Smyth
Worker-Owner, Sassafras Tech Collective
Specializing in innovative, usable tech for social change
sassafras.coop · @sassafrastech
Resident, Touchstone Cohousing
touchstonecohousing.org