Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Data Erasure & Governance with Flutter & Firebase

Data Erasure & Governance with Flutter & Firebase

Is your Android App built to respect your users' data deletion requests?
As consumers, we overwhelmingly expect control over the data we share with our apps, 90% of American consumers according to TrustArc's January 2020 survey*.
As App Developers, we can enable our products to meet this demand.

Using Flutter and Firebase, Noble, walks through patterns and libraries leveraging Flutter and Android to empower your users' right to remove their data from your app, seamlessly.

Link: https://emamo.com/event/android-summit-2020/s/how-to-respect-users-data-erasure-requests-with-flutterfire-WR3b9o

Noble Ackerson

October 08, 2020

More Decks by Noble Ackerson

Other Decks in Technology


  1. 3 Analysis Help homeowners remember • Surveys • Heuristic analysis

    of adjacent tools • Problem prioritization
  2. Agenda 1. Why respect deletion requests? 2. Users’ data and

    your app experience 3. Code walkthrough with Flutter & Firebase 4. Summary 4
  3. Hello! I am Noble Sr. Product Manager, Ventera Former Google

    Developers Expert for Product Strategy 5 Emergent Technologies Data Ethics Product Strategy Noble
  4. Why respect data erasure requests? ❏ Users context and choice

    ❏ Intuitive controls in your application ❏ It’s not your data 7
  5. Choice, Control, & Erasure • Leave it to your users

    to choose data they want to share with you • Choice also means the ability to revoke their consent later • Control means the ability to erase my data is accessible and intuitive. 8 Image credit Aaron Iker | Dribbble
  6. • Names • Addresses • Email addresses • SSN/National ID

    # • Personal Health Info • ... Personal Data Data Categories Specific To Our App • Property tax information • Inspection Reports • Location information • Banking information • Photos
  7. Context Clear reason why you need my data. How long

    do you need it? Who are you sharing this data with and when? Choice Give me agency over my data. How often does that data change? Can I revoke my consent at any time? Control Easy access to my data. Do: Use standard, low-friction patterns. Don’t: Use dark patterns, hidden links. 11 Why respect erasure requests?
  8. How a panicked Product Lead went from WTF is Flutter

    to talk in 5 weeks HOW to handle erasure with Flutter fire
  9. Privacy Impact Assessment 14 Provide controls to make it simple

    for users to delete their data Data Privacy Impact Assessment and determine risks Find opportunities to Minimize Data PIA at a high level
  10. Firebase setup • Wire up Auth with flutterfire • Install

    Firebase Extensions • Configure Delete User Data firebase.google.com/products/extensions & Implement Extension
  11. npm install -g firebase-tools ... firebase ext:install delete-user-data --project=projectId 16

    Installing via CLI Update your CLI and Install the extension
  12. Summary Conduct a PIA Assessment of risks > Remediate >

    monitor continuously as you would security. Setup Firebase Configure your environment, spot check your data architecture, and ensure users data is keyed to UID. Implement Extension As you do, be sure to think about the three C’s. Context, Choice, and Control. 19
  13. The pandemic & how Flutter turned an idea into a

    prototype, quickly. Code walkthrough with Flutter & Firebase
  14. dependencies: flutter: sdk: flutter firebase_core: "^0.5.0" firebase_auth: "^0.18.0+1" 23 Add

    & Download Dependencies Add the firebase_auth dependency to your projects pubspec.yaml flutter pub get
  15. import 'package:firebase_auth/firebase_auth.dart'; … import 'package:cloud_firestore/cloud_firestore.dart'; … // Delete User Future<void>

    deleteUser() async { FirebaseUser user = await getUser; try { await user.delete(); } catch (e) { ... } } 24 Implement Extension Leverages FlutterFire with Cloud Firestore, Cloud Storage
  16. Widget confirmButton = FlatButton( ... onPressed: () { Navigator.of(ctx).pop(); deleteUserData(ctx,

    auth); }, ); 25 Implement Extension Leverages FlutterFire for Cloud Firestore
  17. Summary Installing FlutterFire plugins firebase.flutter.dev gets you plugins for auth,

    analytics, Firestore, Cloud messaging and more across mobile and web. Setup IDE VSCode with the Dart, Awesome Flutter Snippets, Flutter Extension plugins was the way to go. Implement & monitor the Extension You can monitor the activity of your extension, in the Functions panel including checks on health, usage, and logs. 28
  18. Positive Sum Opportunities Vulnerabilities and breaches cause Governments to view

    data as a human right. Growth In Regulations Massive amounts of our personal data is given up for convenience. Growth In Data Regulations
  19. 31

  20. Lessons learned Choose the right tool Visual Studio Code FTW.

    Started with Android Studio based on demos but with the right VSCode plug-ins, I never looked back. Minimize data Think deeply about what data you really need. Consider progressively collecting them when your user needs it. It's shiny but not a toy Complex applications may require non-GCP. OOTB, there are powerful integrations like firebase. You have a lot of options if you're willing to do the work. 32
  21. Data Right to Access Where would you expect to request

    access or deletion of your data if not Account?
  22. Easy access to my data • Intuitive controls so that

    I can act on my consent • The rights to rectification, deletion, and information 36
  23. Minimize your data Data processing should only use as much

    data as is required to successfully accomplish a given task. 37