This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Hi
In a mobile appsheet app each user has to authenticate when they install the app and the first time they use it.
Is there a way to enforce this every time they use the app ?
The reason is that if they loose their phone or have it stolen the baddy may be able to break the phoneโs own security code and then they would be able to use the app and access potentially sensitive data.
Thanks
Edit: the information I provided wasnโt completely accurate. Refer to this topic for a better understanding:
To summarize, Iโll quote Praveen:
We check access permissions every time an app is accessed in our cloud service (approximates to every sync, but also a number of other operations). For apps using whitelists, the moment you remove the user from the whitelist, that user will fail on their next sync (which could even be a background sync) and after that the app becomes unusable. For apps using domain auth and groups, it is expensive to check group membership, so we cache this membership for upto 15 mins. Which means that if you remove a user from the group that has access to the app, then within 15 mins, AppSheet will know that this change has happened, and on the next sync, that userโs app stops working. In the case of Cognito, we have not yet implemented groups at all โ weโre just associating access with membership in a user pool. As Jonathon pointed out, we are checking for membership during initial access/login, but not during repeated access. We have active dev work to fix that and should be deploying it soon.
OK thanks Mike
Itโs the same issue as if you have the G Drive or G Sheets app on your phoneโฆ not surprising I suppose but it is surprising that it is not addressed by a simnple option to say Re-Authenticate at each use !
@Jonathon your issue is Cognito-specific and we have ongoing dev work to address it.
@Jules_Lane, I understand your concern. Your email on your phone doesnโt ask you to sign in every time. Your browser retains cookies. The defaults are optimized for convenience, and assume the device-wide security holds. I will ask internally about whether such an option is possible. The other question is what fraction of our customers would use such an option if we were to enable it. The thing that kills a platform is to have hundreds of options, each of which is used by less than 1% of customers. This hasnโt emerged so far as a popular customer feature request. Weโre always open to learning more though.
LinkedIn
Twitter
