
Project Phase 6: Security Recommendations #9

@dgonc99

Description

  1. What is your security recommendation? Why did you choose it?
    The security recommendation we have chosen is ‘Data is encrypted on the network using TLS. The secure channel is used consistently throughout the app.’ We chose this recommendation as it is one that is absolutely vital to almost every application. Although our app is a simple one, it still utilizes a user/login system, and we must ensure the data being transmitted remains safe from potential attackers.
  2. Who does the recommendation benefit (end-user, developer, etc.)?
    This recommendation benefits all shareholders, including end-users and developers. It obviously benefits end-users by ensuring the safety of their data, but it also benefits the other shareholders by ensuring the app maintains a sense of integrity and trustworthiness.
  3. If the recommendation was found somewhere other than the provided checklist, include a link to it.
    Not applicable, the recommendation was found in the GitHub repo located at https://github.com/muellerberndt/android_app_security_checklist?tab=readme-ov-file.
  4. When would the recommendation have to be implemented (based on how serious the security risk is)?
    In an ideal world, this would have been done during the development phase, but due to time concerns with deadlines, it will need to be implemented as early as possible.
  5. Why do you think your project needs your recommendation?
    We believe our app needs this recommendation for all of the reasons listed above, but to put them plainly, the project needs this as data safety is incredibly important in today’s day and age, and both end users and developers need to ensure that they are connecting to the internet in a safe manner. By not implementing this, the team runs the risk of themselves, their users, or the app itself being victim to data attacks.
    We can do this by ensuring that we configure proper TLS settings and avoid vulnerabilities by using strong ciphers and certificates. We could also implement this by combing through and ensuring that all network requests sent or received by the application utilise HTTPS.
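
The check described in the last answer (combing through the app so that every request uses HTTPS) can be partly automated. The following is an added example, not part of the original issue or the project's code; it assumes an Android project with Kotlin/Java sources, and all file names, URLs and the sample manifest and network security config are constructed.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# A quoted string literal that starts with the cleartext scheme.
CLEARTEXT_URL = re.compile(r"""["'](http://[^"'\s]+)["']""")

# Constructed sample input (hypothetical file names and hosts).
SAMPLE_SOURCES = {
    "LoginRepository.kt": 'val LOGIN = "http://api.example.test/login"\nval HELP = "https://example.test/help"\n',
    "Profile.kt": 'val AVATAR = "https://cdn.example.test/a.png"\n',
}
SAMPLE_MANIFEST = '''<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application android:usesCleartextTraffic="true"/>
</manifest>'''
SAMPLE_NSC = '''<network-security-config>
  <base-config cleartextTrafficPermitted="false"/>
  <domain-config cleartextTrafficPermitted="true"><domain>legacy.example.test</domain></domain-config>
</network-security-config>'''

def find_cleartext_urls(files):
    """Return (path, line_no, url) for every http:// string literal in the sources."""
    hits = []
    for path, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            for m in CLEARTEXT_URL.finditer(line):
                hits.append((path, no, m.group(1)))
    return hits

def manifest_allows_cleartext(manifest_xml):
    """True if <application> sets android:usesCleartextTraffic="true"."""
    app = ET.fromstring(manifest_xml).find("application")
    return app is not None and app.get(ANDROID_NS + "usesCleartextTraffic") == "true"

def nsc_cleartext_scopes(nsc_xml):
    """List (element, domains) for each config scope that permits cleartext traffic."""
    scopes = []
    for node in ET.fromstring(nsc_xml).iter():
        if node.tag in ("base-config", "domain-config") and node.get("cleartextTrafficPermitted") == "true":
            domains = [d.text for d in node.findall("domain")] or ["*"]
            scopes.append((node.tag, domains))
    return scopes

if __name__ == "__main__":
    for hit in find_cleartext_urls(SAMPLE_SOURCES):
        print("cleartext URL literal:", hit)
    print("manifest allows cleartext:", manifest_allows_cleartext(SAMPLE_MANIFEST))
    print("config scopes allowing cleartext:", nsc_cleartext_scopes(SAMPLE_NSC))
```

A clean result here only covers URL literals and the two configuration flags; URLs assembled at runtime still need review or a traffic capture.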
