Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Data Erasure & Governance with Flutter & Firebase

Data Erasure & Governance with Flutter & Firebase

Is your Android App built to respect your users' data deletion requests?
As consumers, we overwhelmingly expect control over the data we share with our apps, 90% of American consumers according to TrustArc's January 2020 survey*.
As App Developers, we can enable our products to meet this demand.

Using Flutter and Firebase, Noble, walks through patterns and libraries leveraging Flutter and Android to empower your users' right to remove their data from your app, seamlessly.

Link: https://emamo.com/event/android-summit-2020/s/how-to-respect-users-data-erasure-requests-with-flutterfire-WR3b9o

Noble Ackerson

October 08, 2020
Tweet

More Decks by Noble Ackerson

Other Decks in Technology

Transcript

  1. Data Erasure &
    Governance
    with
    2020

    View Slide

  2. Owning a home is hard
    2

    View Slide

  3. 3
    Analysis
    Help homeowners remember
    ● Surveys
    ● Heuristic analysis of adjacent tools
    ● Problem prioritization

    View Slide

  4. Agenda
    1. Why respect deletion requests?
    2. Users’ data and your app experience
    3. Code walkthrough with Flutter & Firebase
    4. Summary
    4

    View Slide

  5. Hello!
    I am Noble
    Sr. Product Manager, Ventera
    Former Google Developers Expert for Product Strategy
    5
    Emergent Technologies
    Data Ethics
    Product Strategy
    Noble

    View Slide

  6. Why respect erasure
    requests?
    and how FlutterFire makes that easy

    View Slide

  7. Why respect data
    erasure requests?
    ❏ Users context and choice
    ❏ Intuitive controls in your application
    ❏ It’s not your data
    7

    View Slide

  8. Choice, Control, & Erasure
    ● Leave it to your users to choose data they
    want to share with you
    ● Choice also means the ability to revoke their
    consent later
    ● Control means the ability to erase my data is
    accessible and intuitive.
    8
    Image credit Aaron Iker | Dribbble

    View Slide

  9. Context

    View Slide

  10. ● Names
    ● Addresses
    ● Email addresses
    ● SSN/National ID #
    ● Personal Health Info
    ● ...
    Personal Data
    Data Categories
    Specific To Our App
    ● Property tax information
    ● Inspection Reports
    ● Location information
    ● Banking information
    ● Photos

    View Slide

  11. Context
    Clear reason why you
    need my data.
    How long do you need it?
    Who are you sharing this
    data with and when?
    Choice
    Give me agency over my
    data.
    How often does that data
    change? Can I revoke my
    consent at any time?
    Control
    Easy access to my data.
    Do: Use standard,
    low-friction patterns.
    Don’t: Use dark patterns,
    hidden links.
    11
    Why respect erasure requests?

    View Slide

  12. How a panicked Product
    Lead went from WTF is
    Flutter to talk in 5 weeks
    HOW to handle erasure with Flutter fire

    View Slide

  13. Handling erasure with
    Firebase
    ❏ Conduct Impact Assessment
    ❏ Configure Firebase
    ❏ Review data structure
    13

    View Slide

  14. Privacy Impact Assessment
    14
    Provide controls to make it
    simple for users to delete
    their data
    Data Privacy Impact
    Assessment and determine
    risks
    Find opportunities to
    Minimize Data
    PIA at a high level

    View Slide

  15. Firebase setup
    ● Wire up Auth with flutterfire
    ● Install Firebase Extensions
    ● Configure Delete User Data
    firebase.google.com/products/extensions
    & Implement Extension

    View Slide

  16. npm install -g firebase-tools
    ...
    firebase ext:install delete-user-data
    --project=projectId
    16
    Installing via
    CLI
    Update your CLI and Install
    the extension

    View Slide

  17. 17
    Review Data
    Structure
    Update your CLI and Install
    the extension

    View Slide

  18. 18
    Firebase
    Extensions
    Pre-packaged solutions to
    save time
    Switched to
    Editor

    View Slide

  19. Summary
    Conduct a PIA
    Assessment of risks >
    Remediate > monitor
    continuously as you would
    security.
    Setup Firebase
    Configure your environment,
    spot check your data
    architecture, and ensure users
    data is keyed to UID.
    Implement Extension
    As you do, be sure to think
    about the three C’s. Context,
    Choice, and Control.
    19

    View Slide

  20. The pandemic & how
    Flutter turned an idea
    into a prototype, quickly.
    Code walkthrough with Flutter & Firebase

    View Slide

  21. FlutterFire Walkthrough
    ❏ Installing FlutterFire plugins
    ❏ Setup IDE
    ❏ Implement & monitor the Extension
    21

    View Slide

  22. Installing FlutterFire
    Plugins
    22

    View Slide

  23. dependencies:
    flutter:
    sdk: flutter
    firebase_core: "^0.5.0"
    firebase_auth: "^0.18.0+1"
    23
    Add &
    Download
    Dependencies
    Add the firebase_auth
    dependency to your projects
    pubspec.yaml flutter pub get

    View Slide

  24. import 'package:firebase_auth/firebase_auth.dart';

    import 'package:cloud_firestore/cloud_firestore.dart';

    // Delete User
    Future deleteUser() async {
    FirebaseUser user = await getUser;
    try {
    await user.delete();
    } catch (e) {
    ...
    }
    }
    24
    Implement
    Extension
    Leverages FlutterFire with
    Cloud Firestore, Cloud
    Storage

    View Slide

  25. Widget confirmButton = FlatButton(
    ...
    onPressed: () {
    Navigator.of(ctx).pop();
    deleteUserData(ctx, auth);
    },
    );
    25
    Implement
    Extension
    Leverages FlutterFire for
    Cloud Firestore

    View Slide

  26. 26
    Switched to
    Console

    View Slide

  27. Monitoring
    ● Auth dashboard
    ● Add
    firebase.google.com/products/extensions
    Your extensions

    View Slide

  28. Summary
    Installing FlutterFire
    plugins
    firebase.flutter.dev gets you
    plugins for auth, analytics,
    Firestore, Cloud messaging
    and more across mobile and
    web.
    Setup IDE
    VSCode with the Dart,
    Awesome Flutter Snippets,
    Flutter Extension plugins was
    the way to go.
    Implement & monitor the
    Extension
    You can monitor the activity of
    your extension, in the
    Functions panel including
    checks on health, usage, and
    logs.
    28

    View Slide

  29. Positive Sum Opportunities
    Vulnerabilities and breaches
    cause Governments to view
    data as a human right.
    Growth In Regulations
    Massive amounts of our
    personal data is given up
    for convenience.
    Growth In Data
    Regulations

    View Slide

  30. Data Privacy & Current Landscape
    CCPA
    30
    PIPEDA
    LGPD
    GDPR
    PDO
    APP
    MDPA

    View Slide

  31. 31

    View Slide

  32. Lessons learned
    Choose the right tool
    Visual Studio Code FTW.
    Started with Android Studio
    based on demos but with the
    right VSCode plug-ins, I never
    looked back.
    Minimize data
    Think deeply about what data
    you really need. Consider
    progressively collecting them
    when your user needs it.
    It's shiny but not a toy
    Complex applications may
    require non-GCP. OOTB, there
    are powerful integrations like
    firebase. You have a lot of
    options if you're willing to do
    the work.
    32

    View Slide

  33. Thanks! 2020
    Your questions?
    You can find me at @nobleackerson on Twitter & Medium

    View Slide

  34. Appendix
    34

    View Slide

  35. Data
    Right to Access
    Where would you expect to request
    access or deletion of your data if not
    Account?

    View Slide

  36. Easy access to my data
    ● Intuitive controls so that I can act on my consent
    ● The rights to rectification, deletion, and information
    36

    View Slide

  37. Minimize your data
    Data processing should only use as much data as is required to
    successfully accomplish a given task.
    37

    View Slide