Is it possible to whitelist android devices for access to DHIS2? A user downloading the android app to their personal device and using their login seems more of a security risk than the current debate over screenshots in non-training APK.
Hi @chase.freeman.
We have been lightly discussing this lately and we will try to think about something. At the moment there is no way of whitelisting / blacklisting users per se. However, if you want to ban the access to every Android user you could implement a rule in your NGINX / Apache denying certain User-Agents.
For example, the User Agent for last version is:
User-Agent: com.dhis2/1.2.0/2.2/Android_28
I am planning to write a short guide about this next week.
A public key infrastructure solution built into DHIS2 could help with this.
Alternatively, depending on how big your user base is, you could simply host DHIS2 behind a certificate secured VPN and deploy certificates to your authorized clients.
1 Like