-1

I'm currently developing a parental monitoring app and need some guidance on implementing secure data transmission between the monitored device and our server. Our app will track the child's device activity and send this data to a central server where parents can monitor it via a dashboard.

Could anyone provide advice or best practices on the following:

Encryption: What encryption methods are recommended to ensure data is securely transmitted and stored? Authentication: How can we securely authenticate both the parent and child devices to prevent unauthorized access? Data Privacy: Are there any specific considerations for handling sensitive data, especially in terms of compliance with regulations like GDPR or COPPA? API Security: What are the best practices for securing our API endpoints to prevent data breaches? I appreciate any insights or resources you can share!

Thank you!

I've Tried:

  • Encryption: I've implemented HTTPS to ensure secure communication between the app and the server. However, I'm unsure if additional encryption (e.g., AES encryption) for the data itself is necessary.
  • Authentication: I've set up basic authentication using tokens, but I'm concerned about the security of this method and whether I should be using OAuth 2.0 instead.
  • Data Privacy: I'm aware of GDPR and COPPA requirements but need advice on specific measures to take to ensure compliance, particularly regarding data minimization and user consent.
  • API Security: I've implemented basic rate limiting and IP whitelisting for our API endpoints, but I'm looking for more comprehensive security practices to prevent data breaches. What I’m Expecting:

I'm looking for best practices and recommendations on the following aspects:

Encryption: Should I implement additional encryption for data at rest and in transit? If so, what methods are recommended? Authentication: What is the best approach to securely authenticate both the parent and child devices? Is OAuth 2.0 suitable for this scenario, or are there better alternatives? Data Privacy: Are there specific tools or frameworks that can help ensure compliance with GDPR and COPPA, particularly for handling sensitive data? API Security: What advanced security measures can I implement to further protect our API endpoints and prevent unauthorized access? Any insights, resources, or examples would be greatly appreciated!

Thank you!

Improve this question
3
  • This question is way too broad for this site. THere's at least a dozen questions here, some of which aren't on topic at all (legal questions like COPPA or GDPR for example).
    – Gabe Sechan
    Commented Jul 8 at 20:20
  • But to answer a couple of individual points- if you're using HTTPS, you don't need additional encryption in transit (in your storage you still would). And OAuth solves no problems for you, OAuth is about authenticating one service with another on behalf of a particular user, not about authenticating a user with your service.
    – Gabe Sechan
    Commented Jul 8 at 20:23
  • Please provide enough code so others can better understand or reproduce the problem.
    – Community Bot
    Commented Jul 8 at 21:28
Related questions
660
JWT (JSON Web Token) automatic prolongation of expiration
1537
How do I pass data between Activities in Android application?
392
SPA best practices for authentication and session management
Load 3 more related questions Show fewer related questions

0

Reset to default

Browse other questions tagged or ask your own question.