hi,
In order to plan the using of Survey Solutions, the absence of the 2 apps from Google Play has raised questions about security.
I’m searching a clarification on this point.
There are several reasons that Interviewer and Supervisor applications are not on the market:
-
To use Google Play you need to have an account to get an application. It means that every Interviewer has to have one. It’s an unnecesery complication for the larger surveys with thousands of interviewers.
-
Interviewer and Supervisor applications are comming bundled witht specific version of the server Headquarters application. It’s easier to control compatibility in this way. The updates are planned and in control of survey managers and do not depend on the release on the market. And a release of urgent fix of the product is also in the control of the team that develops the platform and does not depend on the Google Play.
-
In some environments the destribution of the mobile device applications is done in the manual mode by transerring the .apk file through other than direct download channels, e.g. over bluetooth or USB drive.
-
Some surveys are collected in the sealed environments when tablets have no access to the Internet but communicate to the HQ over VPN for security reasons.
There is a Tester application on the Google Play that is almost identical to the Interviewer application.
thanks for your answer, but I’m talking about using applications in national survey, so I will not use a Tester. Does your answer is an official response or coming from official source?
I have to find the main reason behind this choice to defend this when i have security audit.
@sergiy : can you see my topic and have from you a structured answer. Im really in urgent situation
Thank you
The answer above explains very clearly why putting the Interviewer/Supervisor applications to the market would not be useful. In fact it will be harmful. And you can scout this forum for cries for help from people who installed the app from the wrong server/source/version and locked themselves from the very data they were collecting, which will be the direct result of mindless updates from the market. (to explain the consequences of bullet nr 2 in @vitalii’s answer).
Each country is different, but generally the audit will require that you did your due diligence when choosing the software, infrastructure and other components of your data-handling pipeline. A proper answer to that is for you to do software security analysis/review/audit. @sioud_rim has just been asking about this in another thread of the forum, with whom you could team up to look for a proper process (though again, the level of scrutiny and thresholds for alerts may differ between countries and surveys).
-
Most governments would mandate security assessment as a requirement for onboarding of software, especially dealing with confidential data. If that is the case, there are usually prescribed procedures outlining requirements to frequency and level of detail of the assessment, as well as professional qualifications of the assessor.
-
Another alternative would be to consult with the National Statistical Office/Institute/Bureau of your country to check if they have done such an analysis in the past and whether they deem the software to be within the local safety requirements. Whether or not they will be willing to share this with you is another matter.
-
If you are from a university/academia your Ethical Research Committee/Board may have a list of recommended/cleared/approved packages to be used, which could be another alternative to help you avoid to do the necessary analysis yourself.
PS: I am not sure what official means in this context, or whether your auditor would find the answer from the user sergiy to be more authoritative than the answer from users sergiy2, sergiy3, or sergiy1965, or perhaps even sergiy_gpt for that matter.
PPS: kindly stop editing the wording of the original question in this thread, which makes the answers look not-fitting or irrelevant. Instead clarify and elaborate to help channel the conversation to what helps most.
i edided the topic to clarify the idea with appripriate word
thank you for your input