Hi
In a mobile appsheet app each user has to authenticate when they install the app and the first time they use it.
Is there a way to enforce this every time they use the app ?
The reason is that if they lose their phone or have it stolen the baddy may be able to break the phone's own security code and then they would be able to use the app and access potentially sensitive data.
Thanks
Edit: the information I provided wasn't completely accurate. Refer to this topic for a better understanding:
To summarize, I'll quote Praveen:
We check access permissions every time an app is accessed in our cloud service (approximates to every sync, but also a number of other operations). For apps using whitelists, the moment you remove the user from the whitelist, that user will fail on their next sync (which could even be a background sync) and after that the app becomes unusable. For apps using domain auth and groups, it is expensive to check group membership, so we cache this membership for up to 15 mins. Which means that if you remove a user from the group that has access to the app, then within 15 mins, AppSheet will know that this change has happened, and on the next sync, that user's app stops working. In the case of Cognito, we have not yet implemented groups at all – we're just associating access with membership in a user pool. As Jonathon pointed out, we are checking for membership during initial access/login, but not during repeated access. We have active dev work to fix that and should be deploying it soon.
OK thanks Mike
It's the same issue as if you have the G Drive or G Sheets app on your phone… not surprising I suppose but it is surprising that it is not addressed by a simple option to say Re-Authenticate at each use !
Sorry Jules, the information I provided could be more accurate. See Praveen's post further down in the topic I cited:
For context, I use Cognito, so I have some user auth struggles. But it may be that this concern is currently only with Cognito.
Issues with Cognito have been addressed:
@Jonathon your issue is Cognito-specific and we have ongoing dev work to address it.
@Jules_Lane, I understand your concern. Your email on your phone doesn't ask you to sign in every time. Your browser retains cookies. The defaults are optimized for convenience, and assume the device-wide security holds. I will ask internally about whether such an option is possible. The other question is what fraction of our customers would use such an option if we were to enable it. The thing that kills a platform is to have hundreds of options, each of which is used by less than 1% of customers. This hasn't emerged so far as a popular customer feature request. We're always open to learning more though.
@Adam and @Arthur_Rallu FYI
Thanks Praveen. Yes I totally understand but I think it would be a very useful option if it was easy to provide. Thanks for your reply.