In a mobile appsheet app each user has to authenticate when they install the app and the first time they use it.
Is there a way to enforce this every time they use the app ?
The reason is that if they loose their phone or have it stolen the baddy may be able to break the phone’s own security code and then they would be able to use the app and access potentially sensitive data.
Edit: the information I provided wasn’t completely accurate. Refer to this topic for a better understanding:
To summarize, I’ll quote Praveen:
We check access permissions every time an app is accessed in our cloud service (approximates to every sync, but also a number of other operations). For apps using whitelists, the moment you remove the user from the whitelist, that user will fail on their next sync (which could even be a background sync) and after that the app becomes unusable. For apps using domain auth and groups, it is expensive to check group membership, so we cache this membership for upto 15 mins. Which means that if you remove a user from the group that has access to the app, then within 15 mins, AppSheet will know that this change has happened, and on the next sync, that user’s app stops working. In the case of Cognito, we have not yet implemented groups at all — we’re just associating access with membership in a user pool. As Jonathon pointed out, we are checking for membership during initial access/login, but not during repeated access. We have active dev work to fix that and should be deploying it soon.
OK thanks Mike
It’s the same issue as if you have the G Drive or G Sheets app on your phone… not surprising I suppose but it is surprising that it is not addressed by a simnple option to say Re-Authenticate at each use !
@Jonathon your issue is Cognito-specific and we have ongoing dev work to address it.
@Jules_Lane, I understand your concern. Your email on your phone doesn’t ask you to sign in every time. Your browser retains cookies. The defaults are optimized for convenience, and assume the device-wide security holds. I will ask internally about whether such an option is possible. The other question is what fraction of our customers would use such an option if we were to enable it. The thing that kills a platform is to have hundreds of options, each of which is used by less than 1% of customers. This hasn’t emerged so far as a popular customer feature request. We’re always open to learning more though.