Focus On: Mobile App Security & Data Privacy

A growing number of social communication platforms consistently cause users concern over their data privacy, primarily because personally identifiable information is repurposed and provided to third parties.

Padoq was developed with privacy in mind, initially as a community platform enabling small businesses or interest groups to communicate, organise, collect feedback and facilitate payments in one single private space. The free app is still being used by security and privacy-conscious groups today, primarily because Padoq has chosen not to solicit information that it does not need to operate. Information is not shared among members unless group administrators require it, and users may contact each other without access to personal or external contact details.

Who controls the User’s Personal Data?

The collection of Personal Information within the app is at the discretion of the group administrator, and the conditions for using the data are provided to the user at sign-up to each relevant group (for example, a Fitness Bootcamp group leader may want each member to provide their emergency contact details). The Personal Information is held and transferred securely, under the direction of the administrators. The privacy-first approach naturally applies to GDPR considerations.

What about the Platform Technology?

This is where we get technical! The Padoq app is fully native, and the architecture is designed to provide the appropriate access to external connections while remaining opaque to non-authorised traffic. Direct access to data resources within the databases adheres to OAuth2/Bearer Token technology. There is severely limited access to central repositories, and the platform is fully penetration tested. So, what does all of that mean?

What is Penetration Testing?

Penetration testing (or pen testing) is when a third party is employed to ethically hack a system to check for vulnerabilities.

What is OAuth and Bearer Token Technology?

Whenever we connect Padoq to information or systems outside of Padoq, we use OAuth. OAuth is a way for Internet users to give access to their website, technology or details without giving their password and other credentials to us. Instead, the system issues something called a bearer token. The bearer token is encrypted and gives Padoq the ability to talk to other platforms and pull information through without you giving away administration access to your systems.

What is a Native App?

Native apps are applications built for a specific device platform, such as iOS (Apple) and Android (Google). Native apps are generally considered more secure than web apps as they have to be approved by the relevant app store (guaranteeing security and compatibility). As well as being safer, they often perform faster too.

Why does this matter if I want a Branded App built by Padoq?

When we create your branded app, we build it on the Padoq ‘chassis’. This not only means that the app benefits from all of the security features we have in place, but it also means that we can build your app really quickly and cost effectively as opposed to building it from scratch.

If you want to integrate your existing systems or third-party systems into your branded app, we use OAuth and Bearer Token technology, which keeps the organisation's or software's secrets confidential.

Additionally, when there’s a security or technology update to the Padoq platform (such as for a new phone or operating system), all of the branded apps built on the Padoq platform are updated automatically too, ensuring your app is compatible with the latest technology. We have found that this carries a huge cost and operational benefit to our clients, who often need to put budget aside for updates.

Groups created within a branded app have the same data privacy features as the Padoq app. You can choose whether to keep these groups secure or private and users anonymised, or whether to promote spaces for engagement and information sharing. You can even choose how much personal information you want to collect. Despite being connected and built from a single foundation, Padoq remains a dynamic app choice for brands and organisations wanting to build their own branded app.
