This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Encryption at rest on mobile device

Go to solution
jcmanke
Visitor

‎28 Aug 2024 09:46 PM

For mobile application monitoring, is user session data encrypted when at rest before it is uploaded to Dynatrace?

In the documentation I read, I found the following info:

Data is encrypted in transit - https://docs.dynatrace.com/docs/shortlink/data-security-controls#transit 

Data that has been uploaded to Dynatrace is encrypted with AES-256 when at rest. - https://docs.dynatrace.com/docs/shortlink/data-security-controls#rest

OneAgent will discard data if it isn't uploaded to Dynatrace within 10 minutes - https://docs.dynatrace.com/docs/shortlink/oneagent-sdk-android-communication#offline-monitoring 

OneAgent tries to upload to Dynatrace in two-minute intervals by default - https://docs.dynatrace.com/docs/shortlink/cost-and-traffic-control-mobile#network-bandwidth-consumpt... 

 

What I am looking for is information on the security of OneAgent data during that 2-10 minutes between uploads. My use case is an application that may include personally identifiable information (PII) and protected health information (PHI) so we need to make sure it is secure before it is sent to Dynatrace in addition to in-transit and after.

 

0 Kudos
Reply
2 REPLIES 2

Go to solution
Patrick_H
Dynatrace Leader
Dynatrace Leader

‎29 Aug 2024 11:10 AM - edited ‎29 Aug 2024 11:13 AM

Data in mobile agent is locally cached in an SQLite DB. 
The database is not encrypted as there are challenges with creating a secure not extractable key for older Android API version that Dynatrace supports.
For iOS turning on Data Protection for the app will bring improved security as files are then encrypted and inaccessible when the device is locked (https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/Addin...).

 

Outlook: for grail data we have local database encryption on the roadmap

 

Follow-up Question: is it really necessary to have health data in the monitoring data to evaluate application performance or help troubleshooting? Collected information especially for PHI should be kept to a minimum necessary.

iOS help: https://www.dynatrace.com/support/help/shortlink/ios-hub
0 Kudos
Reply

Go to solution
jcmanke
Visitor
In response to Patrick_H

‎29 Aug 2024 08:18 PM

This is for a medical device application. It's unlikely that we would explicitly send PHI such as a device serial number to Dynatrace, but something like a crash report stack trace could incidentally include PHI by indicating what type of device the user has.

0 Kudos
Reply
Ask a question

Featured Posts