Data Security in Offline Support

Data Security in Offline Support

When offline support is enabled, some of your app data is automatically stored on the user device. Because the default setting is to store data in plain text, this exposes your data to unauthorized access in case the device is lost or stolen.

To mitigate potential damages, you can enable data encryption to secure the data in the app's offline storage.

You can use the bundled encryption mechanism or provide your own encryption implementation. Either way, you enable data encryption by specifying additional settings when instantiating the main SDK object (the Everlive instance).

Important Data encryption only applies to content type data. Offline files are not encrypted.

Important The SDK does not encrypt nor does it provide encryption mechanisms for data stored in SQLite storage. To enable encryption for this storage type, consider extending SQLite with an official or third-party encryption plugin.

Enabling Default Encryption

The Backend Services JavaScript SDK provides a default data encryption implementation you can use.

The following snippet shows how to set up data encryption using the default encryption provider:

var el = new Everlive({
    appId: 'your-app-id',
    offline: {
        encryption: {
            key: 'your-encryption_key_here'
        }
    }
});

The default encryption implementation requires that you provide an encryption key. This is an arbitrary string that cannot be the null string. Otherwise its length and complexity are entirely at your discretion.

It is best to generate the encryption key on the device and keep it in a secure place. If you hard-code it in your app, it will be possible for someone to extract it from the app package.

See Also


Start a free trial Request a demo
Contact us: +1-888-365-2779
sales@telerik.com
Copyright © 2016-2017, Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.