End2end encryption in back4app

I am an Android developer and have very little knowledge about the backend. I'm building a health startup application. I am trying to use Back4App shared hosting (not yet a dedicated plan).
Can the Back4App sysadmin see the data fields in my table?
Should I implement end-to-end encryption like in this link?

If I manage the server myself, maybe it will calm me down without worrying about data leaks, but we have to recruit a backend developer. I need your advice. Thank you.

@davimacedo do you have some suggestions here?

Since you are going to work with health data, I think your target is not to encrypt at rest but to use a solution that provides ciphered cloud storage (used by MongoDB) to ensure that the provider cannot have access to the data. MongoDB Enterprise supports encryption for all stored data, but the price could be huge: 6 to 10K per year.
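To make the distinction in the reply above concrete (encryption at rest protects the disks; it does not stop whoever operates the database from reading the columns), here is an added example of client-side field encryption, which is the part of "end-to-end" that keeps a shared-hosting sysadmin from seeing plaintext. It is not Back4App's or the Virgil demo's code and uses no Parse SDK: the record is a plain map standing in for the ParseObject, the key is generated locally (on Android you would keep it in the AndroidKeyStore, which is assumed here, not shown), and the sample diagnosis/medication values are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class ClientSideFieldEncryption {
    private static final int NONCE_BYTES = 12;   // standard GCM nonce size
    private static final int TAG_BITS = 128;     // full-length authentication tag
    private static final SecureRandom RNG = new SecureRandom();

    // Assumption: on a real device this key lives in the AndroidKeyStore and never leaves it.
    static SecretKey generateDeviceKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        return kg.generateKey();
    }

    // AES-GCM; output is base64(nonce || ciphertext || tag). The field name is bound as
    // associated data so a ciphertext cannot be moved into another column unnoticed.
    static String encryptField(SecretKey key, String fieldName, String plaintext) throws Exception {
        byte[] nonce = new byte[NONCE_BYTES];
        RNG.nextBytes(nonce);                    // fresh random nonce per field write
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(fieldName.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[nonce.length + ct.length];
        System.arraycopy(nonce, 0, out, 0, nonce.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    static String decryptField(SecretKey key, String fieldName, String encoded) throws Exception {
        byte[] in = Base64.getDecoder().decode(encoded);
        byte[] nonce = Arrays.copyOfRange(in, 0, NONCE_BYTES);
        byte[] ct = Arrays.copyOfRange(in, NONCE_BYTES, in.length);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(fieldName.getBytes(StandardCharsets.UTF_8));
        return new String(c.doFinal(ct), StandardCharsets.UTF_8);   // throws if tampered
    }

    public static void main(String[] args) throws Exception {
        SecretKey deviceKey = generateDeviceKey();

        // Constructed sample record; in the app these would be the ParseObject's fields.
        Map<String, String> plaintextRecord = new LinkedHashMap<>();
        plaintextRecord.put("diagnosis", "type 2 diabetes");
        plaintextRecord.put("medication", "metformin 500mg");

        // What is actually sent to and stored by the backend: ciphertext per field only.
        Map<String, String> storedRecord = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : plaintextRecord.entrySet()) {
            storedRecord.put(e.getKey(), encryptField(deviceKey, e.getKey(), e.getValue()));
        }
        System.out.println("Server-side view (what a DB admin sees): " + storedRecord);

        // Only a holder of deviceKey recovers the plaintext.
        for (Map.Entry<String, String> e : storedRecord.entrySet()) {
            System.out.println(e.getKey() + " -> " + decryptField(deviceKey, e.getKey(), e.getValue()));
        }

        // Integrity check: a ciphertext swapped between columns fails authentication.
        try {
            decryptField(deviceKey, "diagnosis", storedRecord.get("medication"));
        } catch (AEADBadTagException ex) {
            System.out.println("Swapped field rejected: " + ex.getClass().getSimpleName());
        }
    }
}
```

Two consequences follow directly from this design and are what the rest of the thread is really about: the backend can no longer query, index or run Cloud Code over the encrypted fields, so anything that must be searched server-side has to stay in plaintext (or be a separate, non-sensitive derived value); and the security now rests entirely on key management, since a lost key means lost records and sharing records across a user's devices or with a clinician requires a key-distribution scheme, which is the problem the linked chat demo exists to solve rather than something this snippet provides.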

@praptoo we have several customers using Back4App for health apps. Please reach out to us through our website chat and we will be happy to set up a conference call to better understand your needs and correctly advise.

Hello, we're going to upgrade this guide (in a few days). Please check our already updated open-source demo app: https://github.com/VirgilSecurity/chat-back4app-android

and here is a video on how to run it: https://youtu.be/BAdZo3i4lj8

Aside from the technical implementation, your original post sounds like you want to know whether you should implement E2EE. This sounds like a legal question, which is beyond what you will find in this forum.

Without giving any legal advice, looking at the comments so far, maybe the following considerations can be helpful:

  • It is much easier to develop a health care app than to comply with regional legal regulations regarding health data.

  • Even if data is E2E encrypted, it is still data and data regulations still apply.

  • E2EE per se is not a GDPR requirement, nor does its implementation make a service fully GDPR compliant.

  • That a 3rd party has access to health data that you collect from your users is a usual scenario. It is rare that health data is stored and processed solely in-house without any 3rd party ever getting (temporary) consensual access to it. However, it is legally relevant who that 3rd party is, why it is necessary that the 3rd party has data access, how you and the 3rd party legally and technically ensure the 3rd party does not misuse or expose the data, how and for what purpose the 3rd party is allowed to store and/or process the data, and whether the user is informed or gave consent for that.

  • The physical location of the data center in which you store / process health data is legally relevant. Due to regulations, some companies choose distinct data centers in the E.U. for European user data and in the U.S. for U.S. user data, to name just two legislative regions. There is also legislation currently in the works that will make it more difficult to host/process health data of E.U. citizens outside the E.U. and we can expect such regulations across the globe to become more strict over the next years, so it may be helpful to already start thinking about how to separate such data and design your data and infrastructure in a way that you can move parts of it to other physical locations in the event that you are required to.

  • Regulation, regulation, regulation. Even if you offer your health app only for users in the U.S., it is not guaranteed that no citizen of a member country of the E.U. will ever download the app. As soon as they do, you are operating under GDPR and other E.U. health data related legal rules, regardless of whether the user resides in the E.U. or is a citizen of an E.U. member country residing outside of the E.U. GDPR is just a guideline; the national implementations may vary, so apart from regulations on the federal or bloc level, you may want to look into national or sub-regional regulations. The situation is similar in the U.S., where states may have rules that diverge from rules on the federal level.

Especially when it comes to health data, you would be well advised to hire a legal consultant. This kind of data is legally regarded as one of the most sensitive data types, and there can be significant legal implications when (unintentionally) misusing or exposing such data.
