I am creating a hybrid mobile application on Visual Studio 2015 using Cordova and Ionic.
The app will be used by Agents. They'll visit fields and collect data from users.
The requirement is to allow them to put app in offline mode. When agent chooses to go offline, first the app should call service and store returned data in the storage (encrypted: should we use SQLLite with SQLCiphter?) so that app can function correctly. After this it should go offline.
Agent will start collecting data, the data collected from the users will remain in the device memory (may be in HTML5 localstorage but in encrypted format).
After that agent will choose to go online, on that event the app should send the data to the service. The service will return approve or reject status for each applicant. For rejected application, agent will contact user and will work with her to rectify the error - and again sends data to the service.
I need to know what plugins should I be using for local encrypted storage. The encryption/decryption should be on the go, for example, if user enters details on screen 1 and proceeds to screen 2 the details in screen 1 should be stored in encrypted format, and if he goes back to screen 1 from screen 2 then app should decrypt the local data and should allow to edit.
For local encrypted storage SQLLite with SQLCipher will be a good option?
Thank you.
Related
More a design question / explore options - I have a Firebase Realtime Database backed project where I have IOT-like devices (ESP32) that periodically measure environmental conditions and stores data in the database, and a flutter app that users use to associate devices with their account, view data and update device settings.
My question is about the best setup for the IOT devices - i currently have them all using a single service account to access the database and insert new readings. I'm concerned this may open up the project to security issues, and that there is no way to restrict security priveledges of a single device.
The other option is to create individual user accounts for every device (each device would have to register themselves with their own unique id). This would then allow every device to be disabled individually and operate through the security rules defined for the database, but lead to a larger number of users in the auth db and more complex iot device code.
Am I missing anything from the above? Has anyone done something similar and can offer some design insight?
i currently have them all using a single service account to access the database and insert new readings.
You should only use a service account in trusted environments, as they have full unrestricted access to your Firebase project. In all other scenarios, consider regular SDKs such as the non-privileged Node.js SDK that is great for using on IoT devices.
I'm trying to make use of an API from a local bank, which uses OAuth2 as their authorization method.
The authentication process is as follows:
User clicks on button, webview within application is launched, and user is directed to
URL A: "https://{API URL}/{constant key}/{redirect url}"
Then they have to authenticate with their banking credentials, and the next page prompts them to key in an OTP.
If this is successful, the session token will be embedded in the redirect url as such:
Redirect URL: https://{redirect url}/{access token}/{type}
How can I cache or store this access token as a variable in my flutter code so that i can use it for other API calls? I am currently using flutter webview plugin and i have no issues launching the webview and reaching the different URLs, but i can't seem to find a method to store the token.
For local storage:
You can use https://pub.dev/packages/shared_preferences which uses the native counterparts for storing preferences. Its basically a key/value store.
Wraps NSUserDefaults (on iOS) and SharedPreferences (on Android),
providing a persistent store for simple data. Data is persisted to
disk asynchronously. Neither platform can guarantee that writes will
be persisted to disk after returning and this plugin must not be used
for storing critical data.
Another alternative would be SQLite with this package: https://pub.dev/packages/sqflite
SQLite plugin for Flutter. Supports both iOS and Android.
You can of course also use the File I/O capabilities of Flutter as described in the docs:
https://flutter.dev/docs/cookbook/persistence/reading-writing-files
Another route is by using a cache manager package, which will use the cache of the app together with SQLlite in the background. Might also be a solution but files can be deleted by the OS at any point in time. See the package at: https://pub.dev/packages/flutter_cache_manager
for remote storage:
Then of course, as most of the flutter developers use firestore (https://firebase.google.com/docs/firestore) or cloud storage (https://firebase.google.com/docs/storage) from the Firebase Brand, you can easily chose to go this way. Of course then the data would be in the cloud. Dont know if that meets your security requirements.
Most likely i would prefer going the local persistence way with the first mentioned methods.
Assuming my rules are setup to user read/write on owned object only, I want to know what data does firebase client (IOS/Android) store in devices? In this example, does it download the data that doesn't belongs to the user as well on the device but just blocked it? or only object owned by user will be downloaded on device.
Is there a way to just have some of the child object saved in the cloud only but not locally? I am worried about the db size getting too large in the devices.
Thanks!
Your Firebase app will only have access to data in the database that the rules permit. Security is handled by the Firebase Realtime Database (not the app) so only data that the user is allowed to access will be downloaded.
In order for your app to work with data stored in the database, it needs to be downloaded to the device. By default, data is cached so that your app still works even if your device temporarily loses its network connection. The app only stores this locally if you enable offline capabilities to allow the app to continue working when no network is available.
Firebase apps automatically handle temporary network interruptions. Cached data is available while offline and Firebase resends any writes when network connectivity is restored.
When you enable disk persistence, your app writes the data locally to the device so your app can maintain state while offline, even if the user or operating system restarts the app.
The Firebase app will automatically handle all of this functionality for you.
The size of the local cache will rarely be large enough to worry about, unless you are storing or downloading huge amounts of data, which is not recommended. If your database is large, you should implement strategies to restrict queries to only retrieve relevant data by filtering or paginating your queries.
Can we implement Firebase for an android app, where I am registering user using Mobile number (Similar to Whatsapp). Users will be sent a code by server which is entered by user in android app to validate the user mobile number and registering him on the server.
Question : Can I use the above method in conjunction with Firebase Auth?
I was earlier going to use MongoDB for my project, but since Firebase has SYNC capabilities, it will be a better choice for storing data. Another good reason is as below:
If a client loses its network connection, your app will continue
functioning correctly.
Every client connected to a Firebase database maintains its own
internal version of any active data. When data is written, it's
written to this local version first. The Firebase client then
synchronizes that data with the remote database servers and with other
clients on a "best-effort" basis.
Very NEW to Firebase, just came to know about firebase (through Google 2016 IO).
https://firebase.google.com/docs/database/android/save-data
Firebase hosting is not for server side processing.
It stores static assets of your website as a world-class high availability CDN. So websites hosted here loads very fast. Even in high-availability scenarios.
So you have to do processing at other server which then connects with firebase and stores userinfo in realtime database.
Firebase has put limits on userinfo to be placed in directly for users auth dashboard.
For detailed userinfo, firebase realtime db is the way to go(from your processing backend to firebase realtime db).
Further Reading: What kind of web applications are Firebase not ideal for?
There are some threads on SO that cover this - but most of them are 12 months old. I want to understand if Meteor (and available packages) is currently capable of handling:
An App that runs both online (when there is network connectivity) and offline (when there is not).
Allows changes made while offline to be persisted to the server when online (and the reverse).
Allows the data that is persisted to be stored encrypted on the device and only decrypted when used.
Allows some attribute of the user (application password, or possibly a token generated by the server for each logon) to be used as part of the decryption key. (intent is that if the device is stolen and the screen lock bypassed the data is still "reasonably" safe).
On both IOS and Android, rooted and not.
Quoting my own reply on Reddit:
when you export let's say an apk from Meteor, this is a self contained app? this app connects o a server? does it work offline by default?
Yes, theoretically they will work offline. They do work offline now, but they cannot get new data from the server or execute remote procedures on the server w/o a connection (makes sense, right?).
If you want a fully offline app, you can try to use one of the community packages for the offline data support: https://atmospherejs.com/ground/db