*What*
For Cordova, it's likely we will need to use native plugins for some of the checks. There are 2 options:
1. Wrap the security module from the iOS and Android SDKs. The downside is that we will also need to use the core module.
2. Not using the security modules, but re-implement some of the checks in native code, and keep the native code minimum.
We need to perform a spike and evaluation which approach we should take. We should consider the following:
* what features we can support. The features we are looking at including:
** root/jailbreak detection
** emulator/simulator detection
** debuggable/developer mode detection
** device lock detection
** device encryption detection
** backup detection
** allow developers provide their own implementation
** report security checks metrics
* maintenance cost
* user experience for end developers
If possible, a proposal should be created on which approach we should take, based on the results of the evaluation.
*How*
We can choose one feature and try implement it in both Option 1 and 2. This way it will allow us to understand:
* what changes will be required to the Android/iOS SDK
* which approach works better
* how developers can add their own checks? |
|
