Hi I am contemplating a browser-based app that will process confidential data (including data retrieved using local upload). I will make it so that it never invokes a backend (i.e. it will be an SPA app) but I also need a way to show this to the end-user so that the end-user can reassure himself this is the case. Of course, many users won't care, but at least security-conscious end-users will be able to reassure themselves of this. Yet I don't see exactly what web technology to use this to guarantee this. Of course, you could ask the end-user to check the Network tab in the Developer Console but this is not very user-friendly. The key issue is of course that web apps "per default" have access to do web requests, so how to prove the app doesn't actually use this? I am wondering if some newer web development (progressive apps, installable apps etc.) might have something to offer here? Otherwise it seems to be a sort-of flaw in the web, that you can't create an app that provably doesn't upload end-user data!
Aucun commentaire:
Enregistrer un commentaire