I am writing a mobile app which would be expected to store sensitive data. It needs to be stored for offline use. I am wondering now that Android and iOS provide encryption at rest do I need to encrypt the data stored in an database within the App.
The main concern would be that the phone could be stolen. What would someone have to do to get the data from the application. Also what state would the phone have to be in, for example turned on, beyond the pin lock screen, logged into the app.
If the data is vulnerable where would I store the encryption key. If someone can root/jailbreak the phone surely the key is compromised and therefore so is the data.
Any help/advice would be really appreciated.
Aucun commentaire:
Enregistrer un commentaire