Password on form

**** Don't give me fish, teach me how to fish

Kayoub K
0772656158 / 0703516660
Data Manager
Mujhu Research Collaboration
Mulago Hosp
Msc Enterprise Architecture

On Thu, May 26, 2016 at 12:29 PM, Ayoub Kakande akakande@gmail.com wrote:

Hi all,
Am in the process of developing a form that will be used by entrants in the
field
One of the concerns my funders have is security of the data while it's still
on the tablet more so for the un-finalized forms.
QTN. 1) Is there a way to have a password before opening the form apart from
app-locks
2) Initially once a form was finalized there was no way it could be edited,
as of late even when a form is finalized it can still be accessed under
edit, I wonder what could have gone wrong as i want finalized forms not to
be edited again.
Thanks
Ayoub

--
**In sun set years education is not associated with standard of living and
medical care access; it is the the financial myosin and actin!!!

**** Don't give me fish, teach me how to fish

Kayoub K
0772656158 / 0703516660
Data Manager
Mujhu Research Collaboration
Mulago Hosp
Msc Enterprise Architecture

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

---

You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Yaw,

I think that you are missing the point. What *Ayoub *is looking for is
the tab's security not security as in securing the data in transit. I guess
https will only secure the data in transit but if I can get hold of the
tablet then I can access the data. I just though of clarifying this. Sorry
if I am the one who did not get the question right.

Allan

On Wednesday, June 1, 2016 at 11:48:08 AM UTC+2, Yaw Anokwa wrote:

Ayoub,

If you are concerned about security, the most secure option is to
enable encrypted forms (https://opendatakit.org/help/encrypted-forms/)
and then require forms to be finalized before they are saved.

Even with encrypted forms, unfinalized forms are written in plain text
because that is the only way to enable editing. Depending on the
device and version of Android, you can enable device-level encryption
to secure the unfinalized forms.

https://opendatakit.org/about/security-and-privacy-statement also has
a lot of relevant information you should read through.

To answer your questions...

1. You can add a form question that branches to the end of the
   question based on a hard coded password, but this won't really secure
   the data. Encryption (form or device) is the only way to secure form
   data. Anything else is security theater.

2. I'm pretty sure the encryption code in Collect hasn't changed for a
   while. Start with a simple one question form and make sure form
   encryption is working on your devices. Then troubleshoot your existing
   form after that.

Yaw

Need ODK consultants? Nafundi provides form design, server setup,
in-field training, and software development for ODK. Go to
https://nafundi.com to get started.

On Thu, May 26, 2016 at 12:29 PM, Ayoub Kakande akak...@gmail.com wrote:

Hi all,
Am in the process of developing a form that will be used by entrants in
the
field
One of the concerns my funders have is security of the data while it's
still
on the tablet more so for the un-finalized forms.
QTN. 1) Is there a way to have a password before opening the form apart
from
app-locks
2) Initially once a form was finalized there was no way it could be
edited,
as of late even when a form is finalized it can still be accessed
under
edit, I wonder what could have gone wrong as i want finalized forms not
to
be edited again.
Thanks
Ayoub

--
**In sun set years education is not associated with standard of living
and
medical care access; it is the the financial myosin and actin!!!

**** Don't give me fish, teach me how to fish

Kayoub K
0772656158 / 0703516660
Data Manager
Mujhu Research Collaboration
Mulago Hosp
Msc Enterprise Architecture

--

Post: opend...@googlegroups.com
Unsubscribe: opendatakit...@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

---

You received this message because you are subscribed to the Google
Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an
email to opendatakit...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

---

You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
**In sun set years education is not associated with standard of living and
medical care access; it is the the financial myosin and actin!!!

**** Don't give me fish, teach me how to fish

Kayoub K
0772656158 / 0703516660
Data Manager
Mujhu Research Collaboration
Mulago Hosp
Msc Enterprise Architecture

On Thu, Jun 2, 2016 at 9:03 AM, Ayoub Kakande akakande@gmail.com wrote:

On point Allan

On 1 June 2016 at 13:52, Allan Nila Chongwe allanchongwe@gmail.com wrote:

Yaw,

I think that you are missing the point. What Ayoub is looking for is the
tab's security not security as in securing the data in transit. I guess
https will only secure the data in transit but if I can get hold of the
tablet then I can access the data. I just though of clarifying this. Sorry
if I am the one who did not get the question right.

Allan

On Wednesday, June 1, 2016 at 11:48:08 AM UTC+2, Yaw Anokwa wrote:

Ayoub,

If you are concerned about security, the most secure option is to
enable encrypted forms (https://opendatakit.org/help/encrypted-forms/)
and then require forms to be finalized before they are saved.

Even with encrypted forms, unfinalized forms are written in plain text
because that is the only way to enable editing. Depending on the
device and version of Android, you can enable device-level encryption
to secure the unfinalized forms.

https://opendatakit.org/about/security-and-privacy-statement also has
a lot of relevant information you should read through.

To answer your questions...

1. You can add a form question that branches to the end of the
   question based on a hard coded password, but this won't really secure
   the data. Encryption (form or device) is the only way to secure form
   data. Anything else is security theater.

2. I'm pretty sure the encryption code in Collect hasn't changed for a
   while. Start with a simple one question form and make sure form
   encryption is working on your devices. Then troubleshoot your existing
   form after that.

Yaw

Need ODK consultants? Nafundi provides form design, server setup,
in-field training, and software development for ODK. Go to
https://nafundi.com to get started.

On Thu, May 26, 2016 at 12:29 PM, Ayoub Kakande akak...@gmail.com wrote:

Hi all,
Am in the process of developing a form that will be used by entrants in
the
field
One of the concerns my funders have is security of the data while it's
still
on the tablet more so for the un-finalized forms.
QTN. 1) Is there a way to have a password before opening the form apart
from
app-locks
2) Initially once a form was finalized there was no way it could be
edited,
as of late even when a form is finalized it can still be accessed
under
edit, I wonder what could have gone wrong as i want finalized forms not
to
be edited again.
Thanks
Ayoub

--
**In sun set years education is not associated with standard of living
and
medical care access; it is the the financial myosin and actin!!!

**** Don't give me fish, teach me how to fish

Kayoub K
0772656158 / 0703516660
Data Manager
Mujhu Research Collaboration
Mulago Hosp
Msc Enterprise Architecture

--

Post: opend...@googlegroups.com
Unsubscribe: opendatakit...@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

---

You received this message because you are subscribed to the Google
Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an
email to opendatakit...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

---

You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
**In sun set years education is not associated with standard of living and
medical care access; it is the the financial myosin and actin!!!

**** Don't give me fish, teach me how to fish

Kayoub K
0772656158 / 0703516660
Data Manager
Mujhu Research Collaboration
Mulago Hosp
Msc Enterprise Architecture

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

---

You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Hi Ayoub,

HTTPS secures the data in transit, but encrypted forms secure the
finalized data at rest.

"Encrypted forms apply asymmetric public key encryption at the time
the form is finalized within ODK Collect...This process ensures that
the finalized form's data (and media attachments) are encrypted before
being submitted to ODK Aggregate, remain encrypted while stored on ODK
Aggregate, and remain encrypted as the data and attachments are pulled
into ODK Briefcase, where they are again stored in encrypted form."
– https://opendatakit.org/help/encrypted-forms

The caveat is that encrypted forms are only encrypted when they are
finalized and they can't be viewed or edited. If you want to secure
unfinalized forms, the best way is to use Android's built-in device
encryption and that (depending on your device) should secure the SD
card from users who don't know the PIN/password to the device itself.

Does that answer your question?

Yaw

Need ODK consultants? Nafundi provides form design, server setup,
in-field training, and software development for ODK. Go to
https://nafundi.com to get started.

On Thu, Jun 2, 2016 at 9:03 AM, Ayoub Kakande akakande@gmail.com wrote:

On point Allan

On 1 June 2016 at 13:52, Allan Nila Chongwe allanchongwe@gmail.com wrote:

Yaw,

I think that you are missing the point. What Ayoub is looking for is the
tab's security not security as in securing the data in transit. I guess
https will only secure the data in transit but if I can get hold of the
tablet then I can access the data. I just though of clarifying this.
Sorry
if I am the one who did not get the question right.

Allan

On Wednesday, June 1, 2016 at 11:48:08 AM UTC+2, Yaw Anokwa wrote:

Ayoub,

If you are concerned about security, the most secure option is to
enable encrypted forms (https://opendatakit.org/help/encrypted-forms/)
and then require forms to be finalized before they are saved.

Even with encrypted forms, unfinalized forms are written in plain text
because that is the only way to enable editing. Depending on the
device and version of Android, you can enable device-level encryption
to secure the unfinalized forms.

https://opendatakit.org/about/security-and-privacy-statement also has
a lot of relevant information you should read through.

To answer your questions...

1. You can add a form question that branches to the end of the
   question based on a hard coded password, but this won't really secure
   the data. Encryption (form or device) is the only way to secure form
   data. Anything else is security theater.

2. I'm pretty sure the encryption code in Collect hasn't changed for a
   while. Start with a simple one question form and make sure form
   encryption is working on your devices. Then troubleshoot your existing
   form after that.

Yaw

Need ODK consultants? Nafundi provides form design, server setup,
in-field training, and software development for ODK. Go to
https://nafundi.com to get started.

On Thu, May 26, 2016 at 12:29 PM, Ayoub Kakande akak...@gmail.com wrote:

Hi all,
Am in the process of developing a form that will be used by entrants
in
the
field
One of the concerns my funders have is security of the data while
it's
still
on the tablet more so for the un-finalized forms.
QTN. 1) Is there a way to have a password before opening the form
apart
from
app-locks
2) Initially once a form was finalized there was no way it could be
edited,
as of late even when a form is finalized it can still be accessed
under
edit, I wonder what could have gone wrong as i want finalized forms
not
to
be edited again.
Thanks
Ayoub

--
**In sun set years education is not associated with standard of
living
and
medical care access; it is the the financial myosin and actin!!!

**** Don't give me fish, teach me how to fish

Kayoub K
0772656158 / 0703516660
Data Manager
Mujhu Research Collaboration
Mulago Hosp
Msc Enterprise Architecture

--

Post: opend...@googlegroups.com
Unsubscribe: opendatakit...@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

---

You received this message because you are subscribed to the Google
Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it,
send
an
email to opendatakit...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

---

You received this message because you are subscribed to the Google
Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
**In sun set years education is not associated with standard of living
and
medical care access; it is the the financial myosin and actin!!!

**** Don't give me fish, teach me how to fish

Kayoub K
0772656158 / 0703516660
Data Manager
Mujhu Research Collaboration
Mulago Hosp
Msc Enterprise Architecture

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

---

You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

---

You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
**In sun set years education is not associated with standard of living and
medical care access; it is the the financial myosin and actin!!!

**** Don't give me fish, teach me how to fish

Kayoub K
0772656158 / 0703516660
Data Manager
Mujhu Research Collaboration
Mulago Hosp
Msc Enterprise Architecture