Jump to content

Recommended Posts

Posted

I need opinions on a potential Timecard Buddy feature and it applies to anyone who fills out a timecard or has someone else fill out a timecard for them

 

Originally I kept Timecard Buddy's data restricted to the device. I later added a limited cloud element: if your device is signed into your Apple or Google ID, data will be synced across your devices. The reason I kept it restricted is to limit the potential of leaking user data, particularly when a coworker is entrusting it to someone else filling out timecards. Most of the data isn't particularly harmful (though privacy should be respected): work times, pay rates, rentals. But the data does sometimes include a person's Social Security Number or at least the last four digits. And the app also takes signature images, though I'd never consider putting those into a file so that's not at issue here

 

Users are asking to be able to export data to transfer to another person to continue timecard duties for a department. And I am concerned about adding that to the app. I actually forgot about my concern for a moment and started writing it. Here are parameters of the feature and you guys tell me whether you consider it a worthwhile trade off:

 - data would be exported to a file

 - the file would only be able to be read by the Timecard Buddy app (barring substantial hacking)

 - the file could include as little as a single timecard and as much as the entire history of all timecards on the device

 - the export could be used to pass timecard responsibilities to another person, to create a backup of data, or to give employees a record of just their timecards

 - (Something I just thought of) I could automatically convert full social security numbers to just last four digits on export

 

Again, my major concern is a Timecard Buddy user managing other employee social security numbers, and then years later transferring their entire history's worth of those SSNs to another person. Whatever the circumstances of that happening, this feature would make it possible

 

Thanks for your feedback

  • NewEndian changed the title to Timecard Buddy Export Data Opinions
Posted
On 3/21/2022 at 11:55 AM, Patrick Farrell said:

I don't know anyone that uses full social security numbers on their timecards. I'm all for being security conscious but I think you're making a mountain out of a molehill.

I'll think about these things so that my users don't have to. But I'm actually rather happy with the replacing full SSNs idea, so that's what I'm going with

 

On 3/21/2022 at 12:04 PM, VASI said:

My advice is if you go with Social Security Number; app must be end-to-end encryption.

It will be end-to-end encrypted. It would take substantial hacking and reverse engineering to extract the data outside the app. (Nothing is unhackable)

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...