Which one is better to store user data when it comes to security?

which one like firebase, tinydb, tinywebdb etc. is better to store user data like gmail, phone no. etc. when it comes to user-data security. I think using google sheet will be more secure for person like me who know less techniqal knowledge. Guide me please.

With reservations, tinydb, because the data stays on the device.

Any online system is only as secure as the weakest link, which is when you are transferring the data!

You can improve on this by encrypting the data before transfer (and if it is important to you, do the same if storing data on the tinydb)

1 Like

okay, il check. Thankyou.

can i access the user information like email id or phone number of 'app users' as a developer of the app?

This all depends on what you do and how you do it.

I guess that you are saying that it is possible to handle user data using tinydb. But, i need precise knowledge for that. Can you share some youtube videos or links related to it. Thankyou.

http://ai2.appinventor.mit.edu/reference/components/storage.html#TinyDB

After reading the doc from above link with my limited English skill, I assumed that it is impossible fo the developers to get user data from their phones, so we can make a call or send email to them. Am I right? Add bit more clarity. Thanks.

As indicated, tinydb data is stored on the user's device only. It seems you need an online data storage solution. If used properly with authentication and rules in place, firebase realtime database is a good option.Here a link to using Firebase with AI2 and its REST api. You can also use Google Sheets (spreadsheet component or google apps scripts) but you would need to hash passwords and other sensitive information.

how can I hash password or any user data?

You can use javascript locally on your app:

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>SHA256</title>
  </head>
  <body>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/core.min.js"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/sha256.js"></script>
    <script>
	  let digest;
	  if( window.AppInventor ){
		digest = window.AppInventor.getWebViewString();
		} 
      let algo = CryptoJS.algo.SHA256.create()
      algo.update(digest, "utf-8")
      hash = algo.finalize().toString(CryptoJS.enc.hex)
       if( window.AppInventor ){
		window.AppInventor.setWebViewString(hash);
		}
    </script>
  </body>
</html>

This is without using a SALT, and will need a network connection to fetch the two js libraries

or there are extensions that contain blocks which will hash a string for you.

Can I place this code in mit app? (within block?)

Sort of....

You need to upload the html file to your media folder assets.

You can then open this in a webviewer when needed and set the webviewstring to your "password".

Use the when WebViewStringChanged event to return the hash to the app.