Android Question How to secure data in the event an employee phone get stolen or loss?

[aeric]

Assume I am developing an Android app for a client and the engineers are provided with the devices and app. In case an engineer lost the phone or the device get stolen, the company have concern that the data will be fall into wrong hands.
To convince the client, what I can do?

Here are what I can do:

1. The app requires login and token expires (become invalid) within certain period of time, let say 1 or 3 days? 30 minutes? Always logout when remove from recent app?
2. Encrypt certain columns in SQLite
3. Use SQLCipher
4. Self destroy database using firebase push notification
5. Self destroy certain tables in SQLite on app start if user no login for certain period eg 3 days

Any more practical ways?
Please comment and recommend ??

 

[tigrot]

Store db's encrypted key value on each phone when the app is started the first time reading it from a web service. The value for encryption key is reconstructed concatenating some separate piece of key, so also decompilation makes hard to get.
A two level encryption is hard to decode.

 

[MrKim]

Well, I would certainly encrypt the data using the users password plus some additional complications, regardless.

Another option, since the data on the device is a shop floor requirement that presumes it is only used during certain hours and or in certain locations. This means you could just delete the data after hours or when out of range and have them reload it when they come to work the next day.