Demo Mode

No student ID available

Activity 6 of 12

Activity 6: Data Security Implementation

Practice and reinforce the concepts from Lesson 6

Activity: Data Security Implementation

Objective

Implement client-side encryption for sensitive user data in a mental health support app, ensuring data privacy even from app developers.

Scenario

Your peer support app stores:

Personal crisis notes
Peer conversation history
Mood tracking data
Emergency contacts

Security Implementation Steps

Step One: Local Encryption Setup (10 minutes)

Install Encryption Library:

bash

npm install react-native-keychain @react-native-async-storage/async-storage crypto-js

Generate User-Specific Key:

javascript

import CryptoJS from 'crypto-js';
import { Keychain } from 'react-native-keychain';

const generateUserKey = async (userId) => {
  const existingKey = await Keychain.getInternetCredentials(userId);
  
  if (existingKey) {
    return existingKey.password;
  }
  
  const newKey = CryptoJS.lib.WordArray.random(256/8).toString();
  await Keychain.setInternetCredentials(userId, userId, newKey);
  return newKey;
};

Step 2: Data Encryption Functions (10 minutes)

Encrypt Sensitive Data:

javascript

const encryptData = (data, userKey) => {
  const jsonString = JSON.stringify(data);
  const encrypted = CryptoJS.AES.encrypt(jsonString, userKey).toString();
  return encrypted;
};

const decryptData = (encryptedData, userKey) => {
  const decrypted = CryptoJS.AES.decrypt(encryptedData, userKey);
  const jsonString = decrypted.toString(CryptoJS.enc.Utf8);
  return JSON.parse(jsonString);
};

Storage with Encryption:

javascript

import AsyncStorage from '@react-native-async-storage/async-storage';

const storeSecureData = async (key, data, userKey) => {
  try {
    const encryptedData = encryptData(data, userKey);
    await AsyncStorage.setItem(key, encryptedData);
  } catch (error) {
    console.error('Storage error:', error);
  }
};

const retrieveSecureData = async (key, userKey) => {
  try {
    const encryptedData = await AsyncStorage.getItem(key);
    if (encryptedData) {
      return decryptData(encryptedData, userKey);
    }
    return null;
  } catch (error) {
    console.error('Retrieval error:', error);
    return null;
  }
};

Step 3: Integration Example (10 minutes)

Saving Crisis Notes:

javascript

const saveCrisisNote = async (noteContent, userId) => {
  const userKey = await generateUserKey(userId);
  const noteData = {
    content: noteContent,
    timestamp: new Date().toISOString(),
    mood: currentMood
  };
  
  await storeSecureData(`crisis_note_${Date.now()}`, noteData, userKey);
};

const loadCrisisNotes = async (userId) => {
  const userKey = await generateUserKey(userId);
  const keys = await AsyncStorage.getAllKeys();
  const crisisNoteKeys = keys.filter(key => key.startsWith('crisis_note_'));
  
  const notes = await Promise.all(
    crisisNoteKeys.map(async (key) => {
      return await retrieveSecureData(key, userKey);
    })
  );
  
  return notes.filter(note => note !== null);
};

Security Testing

Test One: Key Protection

Verify keys are stored in secure hardware (Keychain/Keystore)
Confirm keys don't appear in regular app data
Test key persistence across app restarts

Test 2: Data Inspection

Check AsyncStorage contents - should see encrypted strings only
Verify personal data is not readable without decryption
Test data recovery with correct/incorrect keys

Test 3: Edge Cases

App uninstall/reinstall (key loss scenario)
Device backup/restore
User logout/login flows

Privacy Benefits

This implementation ensures:

Data encrypted before leaving the device
App developers cannot read user content
Data breaches expose only encrypted information
Users control their encryption keys
No server-side data vulnerability

Real-World Considerations

Key backup and recovery strategies
Performance impact of encryption/decryption
Battery usage implications
Compliance with data protection regulations

📤 Submit Your Work

Complete this activity and submit your work through the Activity Submission Form

Activity 6 of 12

Activity 6: Data Security Implementation

Practice and reinforce the concepts from Lesson 6

Activity: Data Security Implementation

Objective

Implement client-side encryption for sensitive user data in a mental health support app, ensuring data privacy even from app developers.

Scenario

Your peer support app stores:

Personal crisis notes
Peer conversation history
Mood tracking data
Emergency contacts

Security Implementation Steps

Step One: Local Encryption Setup (10 minutes)

Install Encryption Library:

bash

npm install react-native-keychain @react-native-async-storage/async-storage crypto-js

Generate User-Specific Key:

javascript

import CryptoJS from 'crypto-js';
import { Keychain } from 'react-native-keychain';

const generateUserKey = async (userId) => {
  const existingKey = await Keychain.getInternetCredentials(userId);
  
  if (existingKey) {
    return existingKey.password;
  }
  
  const newKey = CryptoJS.lib.WordArray.random(256/8).toString();
  await Keychain.setInternetCredentials(userId, userId, newKey);
  return newKey;
};

Step 2: Data Encryption Functions (10 minutes)

Encrypt Sensitive Data:

javascript

const encryptData = (data, userKey) => {
  const jsonString = JSON.stringify(data);
  const encrypted = CryptoJS.AES.encrypt(jsonString, userKey).toString();
  return encrypted;
};

const decryptData = (encryptedData, userKey) => {
  const decrypted = CryptoJS.AES.decrypt(encryptedData, userKey);
  const jsonString = decrypted.toString(CryptoJS.enc.Utf8);
  return JSON.parse(jsonString);
};

Storage with Encryption:

javascript

import AsyncStorage from '@react-native-async-storage/async-storage';

const storeSecureData = async (key, data, userKey) => {
  try {
    const encryptedData = encryptData(data, userKey);
    await AsyncStorage.setItem(key, encryptedData);
  } catch (error) {
    console.error('Storage error:', error);
  }
};

const retrieveSecureData = async (key, userKey) => {
  try {
    const encryptedData = await AsyncStorage.getItem(key);
    if (encryptedData) {
      return decryptData(encryptedData, userKey);
    }
    return null;
  } catch (error) {
    console.error('Retrieval error:', error);
    return null;
  }
};

Step 3: Integration Example (10 minutes)

Saving Crisis Notes:

javascript

const saveCrisisNote = async (noteContent, userId) => {
  const userKey = await generateUserKey(userId);
  const noteData = {
    content: noteContent,
    timestamp: new Date().toISOString(),
    mood: currentMood
  };
  
  await storeSecureData(`crisis_note_${Date.now()}`, noteData, userKey);
};

const loadCrisisNotes = async (userId) => {
  const userKey = await generateUserKey(userId);
  const keys = await AsyncStorage.getAllKeys();
  const crisisNoteKeys = keys.filter(key => key.startsWith('crisis_note_'));
  
  const notes = await Promise.all(
    crisisNoteKeys.map(async (key) => {
      return await retrieveSecureData(key, userKey);
    })
  );
  
  return notes.filter(note => note !== null);
};

Security Testing

Test One: Key Protection

Verify keys are stored in secure hardware (Keychain/Keystore)
Confirm keys don't appear in regular app data
Test key persistence across app restarts

Test 2: Data Inspection

Check AsyncStorage contents - should see encrypted strings only
Verify personal data is not readable without decryption
Test data recovery with correct/incorrect keys

Test 3: Edge Cases

App uninstall/reinstall (key loss scenario)
Device backup/restore
User logout/login flows

Privacy Benefits

This implementation ensures:

Data encrypted before leaving the device
App developers cannot read user content
Data breaches expose only encrypted information
Users control their encryption keys
No server-side data vulnerability

Real-World Considerations

Key backup and recovery strategies
Performance impact of encryption/decryption
Battery usage implications
Compliance with data protection regulations

📤 Submit Your Work

Complete this activity and submit your work through the Activity Submission Form