--Originally published at Debugging My Mind
Confidentiality as I’ve mentioned before, is a key property that any application must have, you don’t want your personal data that any app you download so easily asks for to be out there for anyone to see, otherwise we would just be carrying around papers with all our info taped to our backs.
This is why as developpers we have to always assume any info we ask out of someone about them can be personal, we don’t know whether someone thinks their name can be public, or someone who thinks it should be kept private unless absolutely needed otherwise, so it’s better to keep things as confidential as possible by default, rather than publicly out and easy to obtain.
One of the main methods to keep confidentiality of data we have stored of our users is by the use of encryption. Using a hashing algorithm we change that plain text info into an unreadable mess that requires computation to solve, adding salt and pepper we make it very difficult to go back to the original text without the key, making it so that data cannot be precomputed in bulk as a rainbow attack.
Handling data of young children makes it even more sensitive, as their personal information is being handled by other people that have to be responsible for it. This wasn’t an issue back when we were younger, but these kids live in the digital age, where the internet is predominant and their info can easily be thrown out there for anyone to see without their consent or them even knowing. It wouldn’t be nice us as adults right now to find out that back when we were young and couldn’t do anything about it our information was put out there easy for people to find and read.
It’s for this reason that it’s better to assume all data related to our users as sensitive, be it their name, age or gender, and keep things encrypted and with needed authentication to access, since their confidentiality and the app security is our responsability as developers.
