Android Question The proper encryption method according to GDPR?

[vfafou]

Hello!

I would like to ask you if someone has done any modification to any app in order to conform with the new GDPR!
My app is using push messages.
If you would like, could you tell me how did you encrypt your push messages?

Thank you in advance!

 

[Erel]

Why do you need to encrypt the push messages? They are sent to the device over a secure connection anyway.

 

[KMatle]

I encrypt even push messages. AES is a good choice. See the B4x encryption lib or if you use php to send it search the forum or the www.

 

[Erel]

You can encrypt everything however it doesn't matter. The data is already encrypted anyway.

 

[udg]

Why don't you move the encryption chore to the server? As Erel said, the transmission medium is secured by itself, so what you need is just encrypt those data that fall under the "personal and sensitive" definition from the GDPR.
AFAIK GDPR mandates for privacy by design (and by default), but the goal remains the protection of personal data of individuals (not businesses).
In a DB where you have two tables, Customers and Orders, if they are linked by IDs you may want to encrypt some data in Customers but you don't need any in Orders. This way statistical queries on Orders won't require a decrypt stage.

BTW, @KMatle 's approach to encrypt everything should be the safest although I see a potential drawback: if someone decompiles the mobile app than he knows how to decrypt the whole DB, once (and if) he/she can get access to it.

 

[Erel]

The private data on the server should be protected. Encrypting the message itself is redundant as the data is encrypted in the SSL transmission.

 

[vfafou]

Hello to all!
Thank you for your replies!
I forgot to mention that I’m using Erel’s Custom Push Websocket Framework with modifications, under WS protocol and not WSS.

 

[Erel]

I forgot to mention that I’m using Erel’s Custom Push Websocket Framework with modifications, under WS protocol and not WSS.

This is indeed important information. All the posts I made assumed that you are asking about the standard push messages.

 

[vfafou]

This is indeed important information. All the posts I made assumed that you are asking about the standard push messages.

Hello Erel!

You’re absolutely right!
I had to mention this with my first post!
So, my right question is: does the simple websocket protocol is encrypted?

Thank you in advance!

 

[Erel]

You should start a new thread and include all the relevant information. What are you sending? How are you sending it? Why aren't you using wss?