Password on form

Hi all,
Am in the process of developing a form that will be used by entrants in the
field
One of the concerns my funders have is security of the data while it's
still on the tablet more so for the un-finalized forms.
QTN. 1) Is there a way to have a password before opening the form apart
from app-locks
2) Initially once a form was finalized there was no way it could be edited,
as of late even when a form is finalized it can still be accessed under
edit, I wonder what could have gone wrong as i want finalized forms not to
be edited again.
Thanks
Ayoub

ยทยทยท -- **In sun set years education is not associated with standard of living and medical care access; it is the the financial myosin and actin!!!

**** Don't give me fish, teach me how to fish

Kayoub K
0772656158 / 0703516660
Data Manager
Mujhu Research Collaboration
Mulago Hosp
Msc Enterprise Architecture

Ayoub,

If you are concerned about security, the most secure option is to
enable encrypted forms (https://opendatakit.org/help/encrypted-forms/)
and then require forms to be finalized before they are saved.

Even with encrypted forms, unfinalized forms are written in plain text
because that is the only way to enable editing. Depending on the
device and version of Android, you can enable device-level encryption
to secure the unfinalized forms.

https://opendatakit.org/about/security-and-privacy-statement also has
a lot of relevant information you should read through.

To answer your questions...

  1. You can add a form question that branches to the end of the
    question based on a hard coded password, but this won't really secure
    the data. Encryption (form or device) is the only way to secure form
    data. Anything else is security theater.

  2. I'm pretty sure the encryption code in Collect hasn't changed for a
    while. Start with a simple one question form and make sure form
    encryption is working on your devices. Then troubleshoot your existing
    form after that.

Yaw

ยทยทยท -- Need ODK consultants? Nafundi provides form design, server setup, in-field training, and software development for ODK. Go to https://nafundi.com to get started.

On Thu, May 26, 2016 at 12:29 PM, Ayoub Kakande akakande@gmail.com wrote:

Hi all,
Am in the process of developing a form that will be used by entrants in the
field
One of the concerns my funders have is security of the data while it's still
on the tablet more so for the un-finalized forms.
QTN. 1) Is there a way to have a password before opening the form apart from
app-locks
2) Initially once a form was finalized there was no way it could be edited,
as of late even when a form is finalized it can still be accessed under
edit, I wonder what could have gone wrong as i want finalized forms not to
be edited again.
Thanks
Ayoub

--
**In sun set years education is not associated with standard of living and
medical care access; it is the the financial myosin and actin!!!

**** Don't give me fish, teach me how to fish

Kayoub K
0772656158 / 0703516660
Data Manager
Mujhu Research Collaboration
Mulago Hosp
Msc Enterprise Architecture

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

1 Like

Yaw,

I think that you are missing the point. What *Ayoub *is looking for is the
tab's security not security as in securing the data in transit. I guess
https will only secure the data in transit but if I can get hold of the
tablet then I can access the data. I just though of clarifying this. Sorry
if I am the one who did not get the question right.

Allan

ยทยทยท On Wednesday, June 1, 2016 at 11:48:08 AM UTC+2, Yaw Anokwa wrote: > > Ayoub, > > If you are concerned about security, the most secure option is to > enable encrypted forms (https://opendatakit.org/help/encrypted-forms/) > and then require forms to be finalized before they are saved. > > Even with encrypted forms, unfinalized forms are written in plain text > because that is the only way to enable editing. Depending on the > device and version of Android, you can enable device-level encryption > to secure the unfinalized forms. > > https://opendatakit.org/about/security-and-privacy-statement also has > a lot of relevant information you should read through. > > To answer your questions... > > 1. You can add a form question that branches to the end of the > question based on a hard coded password, but this won't really secure > the data. Encryption (form or device) is the only way to secure form > data. Anything else is security theater. > > 2. I'm pretty sure the encryption code in Collect hasn't changed for a > while. Start with a simple one question form and make sure form > encryption is working on your devices. Then troubleshoot your existing > form after that. > > Yaw > -- > Need ODK consultants? Nafundi provides form design, server setup, > in-field training, and software development for ODK. Go to > https://nafundi.com to get started. > > On Thu, May 26, 2016 at 12:29 PM, Ayoub Kakande <akak...@gmail.com > wrote: > > > > Hi all, > > Am in the process of developing a form that will be used by entrants in > the > > field > > One of the concerns my funders have is security of the data while it's > still > > on the tablet more so for the un-finalized forms. > > QTN. 1) Is there a way to have a password before opening the form apart > from > > app-locks > > 2) Initially once a form was finalized there was no way it could be > edited, > > as of late even when a form is finalized it can still be accessed > under > > edit, I wonder what could have gone wrong as i want finalized forms not > to > > be edited again. > > Thanks > > Ayoub > > > > -- > > **In sun set years education is not associated with standard of living > and > > medical care access; it is the the financial myosin and actin!!! > > > > **** Don't give me fish, teach me how to fish > > > > Kayoub K > > 0772656158 / 0703516660 > > Data Manager > > Mujhu Research Collaboration > > Mulago Hosp > > Msc Enterprise Architecture > > > > -- > > -- > > Post: opend...@googlegroups.com > > Unsubscribe: opendatakit...@googlegroups.com > > Options: http://groups.google.com/group/opendatakit?hl=en > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ODK Community" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to opendatakit...@googlegroups.com . > > For more options, visit https://groups.google.com/d/optout. >
1 Like

On point Allan

ยทยทยท On 1 June 2016 at 13:52, Allan Nila Chongwe wrote:

Yaw,

I think that you are missing the point. What *Ayoub *is looking for is
the tab's security not security as in securing the data in transit. I guess
https will only secure the data in transit but if I can get hold of the
tablet then I can access the data. I just though of clarifying this. Sorry
if I am the one who did not get the question right.

Allan

On Wednesday, June 1, 2016 at 11:48:08 AM UTC+2, Yaw Anokwa wrote:

Ayoub,

If you are concerned about security, the most secure option is to
enable encrypted forms (https://opendatakit.org/help/encrypted-forms/)
and then require forms to be finalized before they are saved.

Even with encrypted forms, unfinalized forms are written in plain text
because that is the only way to enable editing. Depending on the
device and version of Android, you can enable device-level encryption
to secure the unfinalized forms.

https://opendatakit.org/about/security-and-privacy-statement also has
a lot of relevant information you should read through.

To answer your questions...

  1. You can add a form question that branches to the end of the
    question based on a hard coded password, but this won't really secure
    the data. Encryption (form or device) is the only way to secure form
    data. Anything else is security theater.

  2. I'm pretty sure the encryption code in Collect hasn't changed for a
    while. Start with a simple one question form and make sure form
    encryption is working on your devices. Then troubleshoot your existing
    form after that.

Yaw

Need ODK consultants? Nafundi provides form design, server setup,
in-field training, and software development for ODK. Go to
https://nafundi.com to get started.

On Thu, May 26, 2016 at 12:29 PM, Ayoub Kakande akak...@gmail.com wrote:

Hi all,
Am in the process of developing a form that will be used by entrants in
the
field
One of the concerns my funders have is security of the data while it's
still
on the tablet more so for the un-finalized forms.
QTN. 1) Is there a way to have a password before opening the form apart
from
app-locks
2) Initially once a form was finalized there was no way it could be
edited,
as of late even when a form is finalized it can still be accessed
under
edit, I wonder what could have gone wrong as i want finalized forms not
to
be edited again.
Thanks
Ayoub

--
**In sun set years education is not associated with standard of living
and
medical care access; it is the the financial myosin and actin!!!

**** Don't give me fish, teach me how to fish

Kayoub K
0772656158 / 0703516660
Data Manager
Mujhu Research Collaboration
Mulago Hosp
Msc Enterprise Architecture

--

Post: opend...@googlegroups.com
Unsubscribe: opendatakit...@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google
Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an
email to opendatakit...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
**In sun set years education is not associated with standard of living and
medical care access; it is the the financial myosin and actin!!!

**** Don't give me fish, teach me how to fish

Kayoub K
0772656158 / 0703516660
Data Manager
Mujhu Research Collaboration
Mulago Hosp
Msc Enterprise Architecture

Hi Ayoub,

HTTPS secures the data in transit, but encrypted forms secure the
finalized data at rest.

"Encrypted forms apply asymmetric public key encryption at the time
the form is finalized within ODK Collect...This process ensures that
the finalized form's data (and media attachments) are encrypted before
being submitted to ODK Aggregate, remain encrypted while stored on ODK
Aggregate, and remain encrypted as the data and attachments are pulled
into ODK Briefcase, where they are again stored in encrypted form."
โ€“ https://opendatakit.org/help/encrypted-forms

The caveat is that encrypted forms are only encrypted when they are
finalized and they can't be viewed or edited. If you want to secure
unfinalized forms, the best way is to use Android's built-in device
encryption and that (depending on your device) should secure the SD
card from users who don't know the PIN/password to the device itself.

Does that answer your question?

Yaw

ยทยทยท -- Need ODK consultants? Nafundi provides form design, server setup, in-field training, and software development for ODK. Go to https://nafundi.com to get started.

On Thu, Jun 2, 2016 at 9:03 AM, Ayoub Kakande akakande@gmail.com wrote:

On point Allan

On 1 June 2016 at 13:52, Allan Nila Chongwe allanchongwe@gmail.com wrote:

Yaw,

I think that you are missing the point. What Ayoub is looking for is the
tab's security not security as in securing the data in transit. I guess
https will only secure the data in transit but if I can get hold of the
tablet then I can access the data. I just though of clarifying this. Sorry
if I am the one who did not get the question right.

Allan

On Wednesday, June 1, 2016 at 11:48:08 AM UTC+2, Yaw Anokwa wrote:

Ayoub,

If you are concerned about security, the most secure option is to
enable encrypted forms (https://opendatakit.org/help/encrypted-forms/)
and then require forms to be finalized before they are saved.

Even with encrypted forms, unfinalized forms are written in plain text
because that is the only way to enable editing. Depending on the
device and version of Android, you can enable device-level encryption
to secure the unfinalized forms.

https://opendatakit.org/about/security-and-privacy-statement also has
a lot of relevant information you should read through.

To answer your questions...

  1. You can add a form question that branches to the end of the
    question based on a hard coded password, but this won't really secure
    the data. Encryption (form or device) is the only way to secure form
    data. Anything else is security theater.

  2. I'm pretty sure the encryption code in Collect hasn't changed for a
    while. Start with a simple one question form and make sure form
    encryption is working on your devices. Then troubleshoot your existing
    form after that.

Yaw

Need ODK consultants? Nafundi provides form design, server setup,
in-field training, and software development for ODK. Go to
https://nafundi.com to get started.

On Thu, May 26, 2016 at 12:29 PM, Ayoub Kakande akak...@gmail.com wrote:

Hi all,
Am in the process of developing a form that will be used by entrants in
the
field
One of the concerns my funders have is security of the data while it's
still
on the tablet more so for the un-finalized forms.
QTN. 1) Is there a way to have a password before opening the form apart
from
app-locks
2) Initially once a form was finalized there was no way it could be
edited,
as of late even when a form is finalized it can still be accessed
under
edit, I wonder what could have gone wrong as i want finalized forms not
to
be edited again.
Thanks
Ayoub

--
**In sun set years education is not associated with standard of living
and
medical care access; it is the the financial myosin and actin!!!

**** Don't give me fish, teach me how to fish

Kayoub K
0772656158 / 0703516660
Data Manager
Mujhu Research Collaboration
Mulago Hosp
Msc Enterprise Architecture

--

Post: opend...@googlegroups.com
Unsubscribe: opendatakit...@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google
Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an
email to opendatakit...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
**In sun set years education is not associated with standard of living and
medical care access; it is the the financial myosin and actin!!!

**** Don't give me fish, teach me how to fish

Kayoub K
0772656158 / 0703516660
Data Manager
Mujhu Research Collaboration
Mulago Hosp
Msc Enterprise Architecture

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

1 Like

Yaw thanks so much,
going to encrypt tablets since SSL is cumbersome when editing submitted
data in MySQL.
Thanks again

ยทยทยท On 2 June 2016 at 09:20, Yaw Anokwa wrote:

Hi Ayoub,

HTTPS secures the data in transit, but encrypted forms secure the
finalized data at rest.

"Encrypted forms apply asymmetric public key encryption at the time
the form is finalized within ODK Collect...This process ensures that
the finalized form's data (and media attachments) are encrypted before
being submitted to ODK Aggregate, remain encrypted while stored on ODK
Aggregate, and remain encrypted as the data and attachments are pulled
into ODK Briefcase, where they are again stored in encrypted form."
โ€“ https://opendatakit.org/help/encrypted-forms

The caveat is that encrypted forms are only encrypted when they are
finalized and they can't be viewed or edited. If you want to secure
unfinalized forms, the best way is to use Android's built-in device
encryption and that (depending on your device) should secure the SD
card from users who don't know the PIN/password to the device itself.

Does that answer your question?

Yaw

Need ODK consultants? Nafundi provides form design, server setup,
in-field training, and software development for ODK. Go to
https://nafundi.com to get started.

On Thu, Jun 2, 2016 at 9:03 AM, Ayoub Kakande akakande@gmail.com wrote:

On point Allan

On 1 June 2016 at 13:52, Allan Nila Chongwe allanchongwe@gmail.com wrote:

Yaw,

I think that you are missing the point. What Ayoub is looking for is the
tab's security not security as in securing the data in transit. I guess
https will only secure the data in transit but if I can get hold of the
tablet then I can access the data. I just though of clarifying this.
Sorry

if I am the one who did not get the question right.

Allan

On Wednesday, June 1, 2016 at 11:48:08 AM UTC+2, Yaw Anokwa wrote:

Ayoub,

If you are concerned about security, the most secure option is to
enable encrypted forms (https://opendatakit.org/help/encrypted-forms/)
and then require forms to be finalized before they are saved.

Even with encrypted forms, unfinalized forms are written in plain text
because that is the only way to enable editing. Depending on the
device and version of Android, you can enable device-level encryption
to secure the unfinalized forms.

https://opendatakit.org/about/security-and-privacy-statement also has
a lot of relevant information you should read through.

To answer your questions...

  1. You can add a form question that branches to the end of the
    question based on a hard coded password, but this won't really secure
    the data. Encryption (form or device) is the only way to secure form
    data. Anything else is security theater.

  2. I'm pretty sure the encryption code in Collect hasn't changed for a
    while. Start with a simple one question form and make sure form
    encryption is working on your devices. Then troubleshoot your existing
    form after that.

Yaw

Need ODK consultants? Nafundi provides form design, server setup,
in-field training, and software development for ODK. Go to
https://nafundi.com to get started.

On Thu, May 26, 2016 at 12:29 PM, Ayoub Kakande akak...@gmail.com wrote:

Hi all,
Am in the process of developing a form that will be used by entrants
in

the
field
One of the concerns my funders have is security of the data while
it's

still
on the tablet more so for the un-finalized forms.
QTN. 1) Is there a way to have a password before opening the form
apart

from
app-locks
2) Initially once a form was finalized there was no way it could be
edited,
as of late even when a form is finalized it can still be accessed
under
edit, I wonder what could have gone wrong as i want finalized forms
not

to
be edited again.
Thanks
Ayoub

--
**In sun set years education is not associated with standard of
living

and
medical care access; it is the the financial myosin and actin!!!

**** Don't give me fish, teach me how to fish

Kayoub K
0772656158 / 0703516660
Data Manager
Mujhu Research Collaboration
Mulago Hosp
Msc Enterprise Architecture

--

Post: opend...@googlegroups.com
Unsubscribe: opendatakit...@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google
Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it,
send

an
email to opendatakit...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google
Groups

"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an

email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
**In sun set years education is not associated with standard of living
and
medical care access; it is the the financial myosin and actin!!!

**** Don't give me fish, teach me how to fish

Kayoub K
0772656158 / 0703516660
Data Manager
Mujhu Research Collaboration
Mulago Hosp
Msc Enterprise Architecture

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
**In sun set years education is not associated with standard of living and
medical care access; it is the the financial myosin and actin!!!

**** Don't give me fish, teach me how to fish

Kayoub K
0772656158 / 0703516660
Data Manager
Mujhu Research Collaboration
Mulago Hosp
Msc Enterprise Architecture

1 Like