Android Question The proper encryption method according to GDPR?

vfafou · May 19, 2018

Hello!

I would like to ask you if someone has done any modification to any app in order to conform with the new GDPR!
My app is using push messages.
If you would like, could you tell me how did you encrypt your push messages?

Thank you in advance!

Erel · May 20, 2018

Why do you need to encrypt the push messages? They are sent to the device over a secure connection anyway.

KMatle · May 20, 2018

I encrypt even push messages. AES is a good choice. See the B4x encryption lib or if you use php to send it search the forum or the www.

Erel · May 20, 2018

You can encrypt everything however it doesn't matter. The data is already encrypted anyway.

udg · May 20, 2018

Why don't you move the encryption chore to the server? As Erel said, the transmission medium is secured by itself, so what you need is just encrypt those data that fall under the "personal and sensitive" definition from the GDPR.
AFAIK GDPR mandates for privacy by design (and by default), but the goal remains the protection of personal data of individuals (not businesses).
In a DB where you have two tables, Customers and Orders, if they are linked by IDs you may want to encrypt some data in Customers but you don't need any in Orders. This way statistical queries on Orders won't require a decrypt stage.

BTW, @KMatle 's approach to encrypt everything should be the safest although I see a potential drawback: if someone decompiles the mobile app than he knows how to decrypt the whole DB, once (and if) he/she can get access to it.

Erel · May 20, 2018

The private data on the server should be protected. Encrypting the message itself is redundant as the data is encrypted in the SSL transmission.

vfafou · May 20, 2018

Hello to all!
Thank you for your replies!
I forgot to mention that I’m using Erel’s Custom Push Websocket Framework with modifications, under WS protocol and not WSS.

Erel · May 21, 2018

vfafou said:
I forgot to mention that I’m using Erel’s Custom Push Websocket Framework with modifications, under WS protocol and not WSS.

This is indeed important information. All the posts I made assumed that you are asking about the standard push messages.

vfafou · May 21, 2018

Erel said:
This is indeed important information. All the posts I made assumed that you are asking about the standard push messages.

Hello Erel!

You’re absolutely right!
I had to mention this with my first post!
So, my right question is: does the simple websocket protocol is encrypted?

Thank you in advance!

Erel · May 22, 2018

You should start a new thread and include all the relevant information. What are you sending? How are you sending it? Why aren't you using wss?

Android Question The proper encryption method according to GDPR?

vfafou

Well-Known Member

Erel

B4X founder

KMatle

Expert

Erel

B4X founder

udg

Expert

Erel

B4X founder

vfafou

Well-Known Member

Erel

B4X founder

vfafou

Well-Known Member

Erel

B4X founder

Similar Threads

Android Question The proper encryption method according to GDPR?

Well-Known Member

B4X founder

Expert

B4X founder

Expert

B4X founder

Well-Known Member

B4X founder

Well-Known Member

B4X founder

Similar Threads

Privacy & Transparency

Privacy & Transparency