I'm building an Android application which will allow my sales team to quote projects and I want it to work while they're in remote areas, which means it will download price changes when they get into service areas and also upload any quotes they have done. Since it needs to work offline, I need to authenticate the user login but I'm hesitant to be authenticating them against the database stored locally on the device. Is there a proper way of doing this? I can't authenticate remotely because it has to work offline. Is the local NoSQL database secure? Should I not worry too much about it and just make sure they're authenticated remotely prior to the synchronization when a connection becomes available? Thanks a lot.
Related
I work for an IT firm, and often when we go onsite we end up having to retrieve user passwords for various reasons. Right now our options are to:
A) Print out the site's password sheet and take it with us
B) RDP back to our company network and lookup each password as needed
The first solution is rife with security concerns, while the second is a pain in the butt.
What I would like to do is set up a background wifi sync at the office with my android tablet, so every time I leave the building I automagically have up-to-date files with me. But also store them in an encrypted folder or format, so if the tablet gets lost we don't have to reset many hundreds of client passwords. I am not at all opposed to buying an app, or more than one if this can be accomplished in a convenient and secure way. Any ideas?
Dropbox? Preferably combined with storing the passwords in an encrytped database such as keepass?
Really, you want confirmed sign off from your management here. ****ing up with a customer password database (say you lost your phone) is a Career Limiting Move.
Sent from my GT-I9100 using Tapatalk
I have just found this example: SipDemo and I have noticed you need, of course, to add the username, password and domain of the used SIP server.
The example shows a walkietalkie, but I would like to have a normal phone call kind of thing.
I was wondering whether there are free and reliable servers for SIP communications.
What I would like to have is just 1 account and every user of mine should be able to call each other in that way.
I am considering both:
-Hosting my own SIP server on my side;
-Using an already existent FREE server.
Probably each user should have its own account, then I believe the easiest way is to have the server on my side. Is that correct?
Thanks in advance.
N.
Hi there,
my question might seem to be a little odd, so I will explain the reason first...
in my university lab 6 of our android devices (and an iphone 5) got stolen. the thief might have sold the devices, I'm not really sure. anyhow - one of the devices still had our lab-gmail-account logged in so i could install androidlost and get at leas some control over one of our stolen nexus 7.
I was able to get gps coordinates, the WiFi name + IP address as well as some pictures of the person that has the device right not. unfortunately the police told me that gps wouldn't help, as there are possibly 150 persons in the street where the device is, that have the potential to be criminal...getting the owner of the connection via IP is also not likely, because a judge needs to approve the locating via ISP and before that happens, the telecommunications company will have deleted the data -.- I've seen they added a new gmail account after I changed our password. but it's just something like "[email protected]", so nothing that tells me the name.
with androidlost I can also start a web-server and browse the sdcard of the device. unfortunately the device is not rootet, so I can't browse to /data/data to gather more information.
so (finally ) here is my question:
is there any app that saves it's data to the sdcard which uses the facebook ID?
I mean in any logfile or something...maybe an app that automatically starts at boot, so i can be sure the app leaves it's trace on the sdcard.
I can still install apps via play store and if i could retreive the facebook ID in any way, there would still be a chance to catch the thief...
I'm also open for other creative ideas to retreive the identity...
EDIT: before anyone gets me wrong - I don't want the password or login to the account - all I need is the facebook ID (or name...) so I might find out the real name and give it to the police...
Hi. I'm glad to finally be here.
Let me explain the context of my question. I'm designing an application in Android that works consuming a web service. For all inquiries carried out to that web service, you must authenticate to each perform.:silly:
I tried to use SSL certificates for greater security, but at the moment it is too advanced for me just knowing how to create a certificate, then install it on the server and on the client and the connection between them that way (If anyone has a tutorial will be welcome).
For now, I managed to connect via http without any protection. To authenticate the device that performs, IMEI shipping plus a random password (created in the registry).
Well, my question is whether this is an acceptable way or is there more optimal way that take care information that those using the app.
Thank you very much for your help, since I have no one else to turn.
Hi All
my new employer has a BYOD policy but insists on using Airwatch MDM to access any of the tools I need (email, files, calendar).
I have obvious concerns over giving work access to my personal information on my phone. So .... can I use an additional profile on my phone to segregate my personal data from my work data.
i.e. switch to a "work profile" when I need to access my work tools via MDM.
The real question here is do guest and additional profiles on android keep your personal (main account) details completely seperate from Airwatch.
Thanks in advance.
That depends on the device and set-up of Airwatch - in the BYOD environment most companies use the container which separates enterprise apps (emails and etc) from your stuff. The tricky part is the location services, but most BYOD don't use or enable this - if they did they'd have to tell you and it will be in the T&C's
The polices are set out on AW at the start, I you have a vision that MDM admins sit there looking at you internet history then your sadly wrong, you cant do this on any MDM yet.
I just checked and you can't even see the apps you've installed.
Depending on the enrollment (agentless or not) you can absolutely see installed apps. Regarding seperated work/private they should be able to use Knox if Samsung devices is used.