User-data security design guidelines
Applications should give high priority to user data and should not modify, delete or broadcast it. OEMs should also release the device with preloaded antivirus software.
A checklist for user data security
- Users data like images, videos, messages, contacts should not be altered without their permission.
- Access point information should not be modified without informing user.
- For using GPRS, user confirmation should be taken.
- Sending background SMS should be discouraged.
- Secure information like Password should be encrypted.
- Users should be given permission to delete their private data.
- Users should be encouraged to take backup of their private data.
- Application's sensitive data should be created in the private folder of the application, so that it is not accessible to other applications.
- While sending data to the web, it would be pertinent to notify the user of the vulnerability of the data in case there exists one.
- While deleting any data through the UI always display a confirmation dialog to the user to avoid inadvertant delete of data.
- Allow some kind of backup/restore mechanism for application which contains lot of sensitive user data.