Since I’m making an app that deals with users’ personal finances I’ve been thinking a lot about security. I’ve developed a two-fold approach to handling security that will keep your personal information safe.
1) I don’t collect your personal information, at all. Glass Jar does not upload your save file or any other information anywhere. Your save files are not “in the cloud”, they’re just on your phone. I can’t mishandle information I don’t have. Future development might (might!) move your save file into iCloud or possibly Dropbox. I think that would be a great feature, but your data would then be in the trustworthy hands of those services; I still wouldn’t have it. But what if, when that day comes, they give out your information? Or what if you just lose your phone? That brings me to point number two.
2) Glass Jar should never contain dangerous information in the first place. You can name your accounts whatever you want to. I strongly encourage using names like “My Savings” and “My Visa”. You should never name an account “Visa# 1234-5678-90-0000” because if you lose your phone you could be in trouble. This little rule doesn’t just apply to Glass Jar, it’s good practice everywhere. Besides, why use account numbers? Doesn’t “My Checking” accomplish the same thing and look nicer to boot?
So, there’s my two-part security plan. Don’t collect save files and don’t let the save files contain dangerous information in the first place. Put another way, don’t lose the users’ info, but make the info harmless just in case. I think we’ll all get along swimmingly under this plan.
Don’t get me wrong, as the app evolves security might become an issue; if that day comes a more robust solution WILL be implemented. In the meantime, since this is a serious subject, I’d love to hear any thoughts you might have on it.