
(Difference between revisions)

User-data security design guidelines

hamishwillee (Talk | contribs)
m (Hamishwillee - Bot update - Fix ReviewerApproval and ArticleMetaData etc)
hamishwillee (Talk | contribs)
m (Text replace - "Category:Mobile Design" to "")
 
(3 intermediate revisions by one user not shown)
Line 1: Line 1:
{{ArticleMetaData <!-- v1.1 -->
+
[[Category:Usability]][[Category:Security]]
 +
{{Abstract|User data security is the practice of keeping user data protected from corruption and unauthorized access. Thus helping to ensure privacy. Applications should give high priority to user data and should not modify, delete or broadcast it. }}
 +
 
 +
{{ArticleMetaData <!-- v1.2 -->
 
|sourcecode= <!-- Link to example source code e.g. [[Media:The Code Example ZIP.zip]] -->
 
|sourcecode= <!-- Link to example source code e.g. [[Media:The Code Example ZIP.zip]] -->
 
|installfile= <!-- Link to installation file (e.g. [[Media:The Installation File.sis]]) -->
 
|installfile= <!-- Link to installation file (e.g. [[Media:The Installation File.sis]]) -->
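Review bot: The added {{Abstract}} text says applications "should not modify, delete or broadcast" user data with no qualifier, while the checklist in the same article forbids altering data only "without their permission"; add "without the user's permission" so the summary matches the items it introduces. The second sentence, "Thus helping to ensure privacy.", is a fragment and reads better joined to the first as ", which helps to ensure privacy".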
Line 10: Line 13:
 
|capabilities= <!-- Capabilities required by the article/code example (e.g. Location, NetworkServices. -->
 
|capabilities= <!-- Capabilities required by the article/code example (e.g. Location, NetworkServices. -->
 
|keywords= <!-- APIs, classes and methods (e.g. QSystemScreenSaver, QList, CBase -->
 
|keywords= <!-- APIs, classes and methods (e.g. QSystemScreenSaver, QList, CBase -->
|id= <!-- Article Id (Knowledge base articles only) -->
 
 
|language= <!-- Language category code for non-English topics - e.g. Lang-Chinese -->
 
|language= <!-- Language category code for non-English topics - e.g. Lang-Chinese -->
 
|translated-by= <!-- [[User:XXXX]] -->
 
|translated-by= <!-- [[User:XXXX]] -->
Line 22: Line 24:
 
|author= [[User:Rahulsingh1m]]
 
|author= [[User:Rahulsingh1m]]
 
}}
 
}}
 
[[Category:Mobile Design]][[Category:Usability]]
 
===Introduction===
 
In simple terms, user data security is the practice of keeping user data protected from corruption and unauthorized access.Thus helping to ensure privacy.
 
Applications should give high priority to user data and should not modify, delete or broadcast it. OEMs should also release the device with preloaded antivirus software.
 
  
 
=== A checklist for user data security ===
 
=== A checklist for user data security ===
  
 
* Users data like images, videos, messages, contacts should not be altered without their permission.
 
* Users data like images, videos, messages, contacts should not be altered without their permission.
 
 
* Access point information should not be modified without informing user.
 
* Access point information should not be modified without informing user.
 
 
* For using GPRS, user confirmation should be taken.
 
* For using GPRS, user confirmation should be taken.
 
 
* Sending background SMS should be discouraged.
 
* Sending background SMS should be discouraged.
 
 
* Secure information like Password should be encrypted.
 
* Secure information like Password should be encrypted.
 
 
* Users should be given permission to delete their private data.
 
* Users should be given permission to delete their private data.
 
 
* Users should be encouraged to take backup of their private data.
 
* Users should be encouraged to take backup of their private data.
 
 
* Application's sensitive data should be created in the private folder of the application, so that it is not accessible to other applications.
 
* Application's sensitive data should be created in the private folder of the application, so that it is not accessible to other applications.
 
 
* While sending data to the web, it would be pertinent to notify the user of the vulnerability of the data in case there exists one.
 
* While sending data to the web, it would be pertinent to notify the user of the vulnerability of the data in case there exists one.
 
 
* While deleting any data through the UI always display a confirmation dialog to the user to avoid inadvertant delete of data.
 
* While deleting any data through the UI always display a confirmation dialog to the user to avoid inadvertant delete of data.
 
 
* Allow some kind of backup/restore mechanism for application which contains lot of sensitive user data.
 
* Allow some kind of backup/restore mechanism for application which contains lot of sensitive user data.
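Review bot: The unchanged checklist line about confirmation dialogs still reads "inadvertant delete of data"; since this revision already touches the section, correct it to "inadvertent deletion of data". The Introduction lines in this hunk, which are absent from the latest revision, also carried the sentence about OEMs preloading antivirus software, and the new abstract does not keep it, so confirm that the drop is intended.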
  
Line 61: Line 48:
 
====Backup Solutions====
 
====Backup Solutions====
 
Data security wouldn't be complete without a solution to backup user critical information.
 
Data security wouldn't be complete without a solution to backup user critical information.
 
 
<BR>
 
----
 
--Additional Edit by - Aadhar14b
 

Latest revision as of 03:42, 9 May 2012

User data security is the practice of keeping user data protected from corruption and unauthorized access, which helps to ensure privacy. Applications should give high priority to user data and should not modify, delete or broadcast it.

Article Metadata
Article
Created: User:Rahulsingh1m (26 Jun 2009)
Last edited: hamishwillee (09 May 2012)

A checklist for user data security

  • User data such as images, videos, messages and contacts should not be altered without the user's permission.
  • Access point information should not be modified without informing the user.
  • User confirmation should be obtained before using GPRS.
  • Sending SMS in the background should be discouraged.
  • Secure information such as passwords should be encrypted.
  • Users should be given permission to delete their private data.
  • Users should be encouraged to back up their private data.
  • An application's sensitive data should be created in the application's private folder, so that it is not accessible to other applications.
  • When sending data to the web, notify the user of any vulnerability of the data, if one exists.
  • When deleting any data through the UI, always display a confirmation dialog to the user to avoid inadvertent deletion of data.
  • Allow some kind of backup/restore mechanism for applications that contain a lot of sensitive user data.
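
An added example (not part of the original article) for two checklist items above: keeping sensitive data in an application-private location and protecting a stored password. It stores a salted scrypt hash, which is a one-way derivation rather than reversible encryption, and uses POSIX permission bits as a stand-in for the platform's private folder; the directory layout, file name and cost parameters are assumptions.

```python
import hashlib
import hmac
import os
import stat
import tempfile

# Assumed scrypt cost parameters (not from the article); about 16 MiB per hash.
SCRYPT = dict(n=2**14, r=8, p=1)

def private_dir(base):
    """Create an app-private directory that only the owner can enter."""
    path = os.path.join(base, "private")
    os.makedirs(path, mode=0o700, exist_ok=True)
    os.chmod(path, 0o700)  # makedirs honours the umask; force the final mode
    return path

def store_password(directory, name, password):
    """Write salt + scrypt hash to a new owner-only file; never overwrite."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    path = os.path.join(directory, name)
    # O_EXCL fails if the path already exists (including a symlink),
    # so a file planted by another process is never reused.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(salt + digest)
    return path

def verify_password(path, password):
    """Recompute the hash with the stored salt; compare in constant time."""
    with open(path, "rb") as fh:
        blob = fh.read()
    salt, expected = blob[:16], blob[16:]
    candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, expected)

def demo():
    """Run the flow on constructed sample data in a temporary directory."""
    mode = lambda p: stat.S_IMODE(os.stat(p).st_mode)
    with tempfile.TemporaryDirectory() as base:
        folder = private_dir(base)
        cred = store_password(folder, "credential.bin", "correct horse")
        return (mode(folder), mode(cred),
                verify_password(cred, "correct horse"),
                verify_password(cred, "wrong guess"))
```
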

Some Technical Mechanisms To Protect User Data

Encryption

This security mechanism uses mathematical schemes and algorithms to scramble data into unreadable text. It can only be decoded or decrypted by the party that possesses the associated key.

Strong User Authentication

Authentication is another effective part of data security. Single sign-on schemes are also implemented in strong user authentication systems.

Backup Solutions

Data security wouldn't be complete without a solution to back up critical user information.

This page was last modified on 9 May 2012, at 03:42.