I've been working on a Raspberry PI based device that will periodically download data from a data logger (connected via USB), and send the data file (<1MB in size) as an attachment to an email.
It will do this automatically on a daily/weekly/monthly basis, with no user interaction (once configured).
My question relates to the best way to use an email account to send the emails. Remembering the fact that the software needs access to this account's credentials to send the emails, without any user being present at the time.
Currently I am using SMTP with the jNet library, and am I storing the sending email account's credentials (email address, server, password etc) in a KeyValueStore database (KVS2) with kvs.PutEncrypted.
The issue with this is of course that I need to store the password for the KVS somewhere. Currently this is as a global variable which is not entirely secure (although the variable can be obfuscated when the app is built).
To improve this a little, I have thought about providing a new, unique email account for each of these devices that is supplied. So that the user has the option of using an 'in-built' account, rather than having to input their own email account info.
That way, if the device get hacked, it's 'only' an unused email account that is compromised.
I'm aware of the downsides to this option. Not least the fact that each unique email adress would have to be maintained (by me!).
I have also though about using the Gmail API (https://www.b4x.com/android/forum/threads/b4x-sending-emails-with-gmail-rest-api.81736/) but that would leave me subject to the whims of Google, (I think) limit me to a gmail email address, mean that someone has to set it up on their google account (the user or me), and I'm not sure it's any better really than using a unique email account for each device.
So, my questions are;
1. Is there a better way to store a KVS encryption password than in an (obfuscated) global variable.
2. Am I missing an option that would allow an unattended device to send emails more securely?
It will do this automatically on a daily/weekly/monthly basis, with no user interaction (once configured).
My question relates to the best way to use an email account to send the emails. Remembering the fact that the software needs access to this account's credentials to send the emails, without any user being present at the time.
Currently I am using SMTP with the jNet library, and am I storing the sending email account's credentials (email address, server, password etc) in a KeyValueStore database (KVS2) with kvs.PutEncrypted.
The issue with this is of course that I need to store the password for the KVS somewhere. Currently this is as a global variable which is not entirely secure (although the variable can be obfuscated when the app is built).
To improve this a little, I have thought about providing a new, unique email account for each of these devices that is supplied. So that the user has the option of using an 'in-built' account, rather than having to input their own email account info.
That way, if the device get hacked, it's 'only' an unused email account that is compromised.
I'm aware of the downsides to this option. Not least the fact that each unique email adress would have to be maintained (by me!).
I have also though about using the Gmail API (https://www.b4x.com/android/forum/threads/b4x-sending-emails-with-gmail-rest-api.81736/) but that would leave me subject to the whims of Google, (I think) limit me to a gmail email address, mean that someone has to set it up on their google account (the user or me), and I'm not sure it's any better really than using a unique email account for each device.
So, my questions are;
1. Is there a better way to store a KVS encryption password than in an (obfuscated) global variable.
2. Am I missing an option that would allow an unattended device to send emails more securely?
