android android-image sensitive-data

Delete images and pdf when the session is over


I want to develop a healthcare app in Android. The doctor will be authenticated for a specific time to access a patient's medical reports and download them to the application (reports will be in a blockchain or a DB). When the session is over, all of those downloaded data (reports) should be permanently deleted from the doctor's mobile. What is the best approach to delete these data?


Solution

  • Storing files in DB is never advised. Rather, they should be stored as files themselves, and you can save their path in the DB for searching and accessing the files.

    Your point about session timeout is too broad. It could be carried out in several ways, like Logout, Time Limit expired, Case closed from the Patient/Doctor's End etc.

    You can try these steps if you find them suitable:

    1. Once the doctor selects documents to be saved, download and save them in the Internal Storage of your app. Concurrently, save their respective path and download timestamp in a DB Table for future reference.
    2. If your files are confidential and shouldn't be read outside your app, you can encrypt them using an encryption algorithm and then save them on the device. You can also save them with different extensions and with random names to make it more complex for general users to extract them from the device. You will have to decrypt them at the time of viewing, though.
    3. If you think that the data in the file can be parsed and raw (text) data can be extracted, you can also try implementing a DB table and save such information in the DB itself. In such a case, there would be no files being saved on the device.
    4. Now, you have your content (be it in a file system or DB) and your next task is to delete them once the session is over.
    5. For the logout case, simply delete all the available data (both from the file system and DB), cleaning everything.
    6. For the doctor deleting the case, you can remove all the files for the selected case from the device. This information could be easily maintained in a DB table.
    7. For the case where a patient deletes/closes, you will have to implement a push notification service, wherein your server will send a delete command to the device. On receiving the notification on the app, you can follow the same steps.
    8. For time limit expired, the simplest logic is to check, either every day at a certain time or every time your app is opened, for all the files which have a timestamp that is 7 days older than today's date. Note that the timestamp and file information is stored in the DB.
    9. To check every day at a certain time, you will have to implement AlarmManager, which will invoke a background service to carry out the task.

    Note: There could be more possible ways to do such a specific task, however, these are the simplest and most widely used approaches.
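The purge logic from steps 5 to 8, as an added Kotlin example that is not part of the original answer. `DownloadRow`, `DownloadIndex` and `ReportPurger` are hypothetical names, the index stands in for the DB table of step 1, and the demo data in `main` is constructed.

```kotlin
import java.io.File
import java.nio.file.Files
import java.util.concurrent.TimeUnit

// One row of the table from step 1 (constructed schema): file path, case id, download time.
data class DownloadRow(val path: String, val caseId: String, val downloadedAtMs: Long)

// Hypothetical DAO over that table; back it with SQLite or Room in a real app.
interface DownloadIndex {
    fun all(): List<DownloadRow>
    fun remove(row: DownloadRow)
}

// reportsDir is assumed to be a folder in internal storage, e.g. File(context.filesDir, "reports").
class ReportPurger(private val reportsDir: File, private val index: DownloadIndex) {
    fun purgeAll(): Int = purge { true }                                  // logout (step 5)
    fun purgeCase(caseId: String): Int = purge { it.caseId == caseId }    // case closed (steps 6-7)
    fun purgeExpired(nowMs: Long = System.currentTimeMillis(), maxAgeDays: Long = 7): Int {
        val cutoff = nowMs - TimeUnit.DAYS.toMillis(maxAgeDays)           // time limit (step 8)
        return purge { it.downloadedAtMs < cutoff }
    }

    private fun purge(selected: (DownloadRow) -> Boolean): Int {
        val root = reportsDir.canonicalFile
        var removed = 0
        for (row in index.all().filter(selected)) {
            val file = File(row.path).canonicalFile
            // Never delete outside the reports folder, even if a row is corrupt.
            if (!file.startsWith(root)) continue
            // Drop the row only once the file is gone, so a failed delete is retried next run.
            if (!file.exists() || file.delete()) {
                index.remove(row)
                removed++
            }
        }
        return removed
    }
}

fun main() {  // constructed demo data in a temp folder
    val dir = Files.createTempDirectory("reports").toFile()
    val rows = mutableListOf<DownloadRow>()
    val index = object : DownloadIndex {
        override fun all(): List<DownloadRow> = rows.toList()
        override fun remove(row: DownloadRow) { rows.remove(row) }
    }
    val stale = File(dir, "r1.bin").apply { writeText("old report") }
    rows += DownloadRow(stale.path, "case-1", downloadedAtMs = 0L)
    println("purged=${ReportPurger(dir, index).purgeExpired()} left=${rows.size}")
}
```

On flash storage, `File.delete()` removes the directory entry but does not guarantee the underlying blocks are overwritten. Encrypting the files as in step 2 and discarding the key when the session ends is what makes leftover blocks unreadable.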