Signing out of Mobile App
For example, there's an option to "Sign out from all other sessions" in Google's Gmail. Is there an equivalent for Logos?
[Currently using iOS]
Comments
-
Hi Joshua
For example, there's an option to "Sign out from all other sessions" in Google's Gmail. Is there an equivalent for Logos?
No there isn't a mechanism to do this.
Why do you want this capability?
Graham
0 -
Hi Joshua
For example, there's an option to "Sign out from all other sessions" in Google's Gmail. Is there an equivalent for Logos?
No there isn't a mechanism to do this.
Why do you want this capability?
Graham
Hi Graham,
Security reasons, mostly. Suppose the mobile device is misplaced and a malicious user now decides to make fraudulent transactions on apps with active sessions. In such a scenario, how would/should the affected Logos user mitigate the problems?
0 -
Graham provided your answer (no).
Logos is intended for "one user." An iPhone and iPad is also intended for "one user," although many do have shared devices. There isn't a great need for Faithlife to create a sign out feature. Having the ability to repeatedly sign in & out would either mean the proliferation of data (all the notes & downloaded resources for each user who has ever signed in) OR it would mean that resources and notes would have to redownload each and every time the user signed in.
A better option may be to have someone else sign in to the web app from mobile safairi.
0 -
Security reasons, mostly. Suppose the mobile device is misplaced and a malicious user now decides to make fraudulent transactions on apps with active sessions. In such a scenario, how would/should the affected Logos user mitigate the problems?
Fair question - but as far as I can see that the device being misplaced would allow anyone else to make transactions.
The only things you can purchase in the mobile apps are things from the Logos store. I've just tried to start such a transaction to check and I am required to enter my Apple security details to confirm the in-app purchase. So this wouldn't be possible for someone who has obtained the device.
Or am I missing something?
More generally, with the app being designed for one user Faithlife has never seen the need to support signing out. Although it has been requested in the past for various reasons. There are some potential issues in supporting this, particularly around whether downloaded resources can be maintained if that were to happen.
0 -
-
"... notes would have to redownload each and every time the user signed in."
Ah... Did not think of that. That would be rather taxing on the server. There must be a better workaround though.
0 -
Security reasons, mostly. Suppose the mobile device is misplaced and a malicious user now decides to make fraudulent transactions on apps with active sessions. In such a scenario, how would/should the affected Logos user mitigate the problems?
Fair question - but as far as I can see that the device being misplaced would allow anyone else to make transactions.
The only things you can purchase in the mobile apps are things from the Logos store. I've just tried to start such a transaction to check and I am required to enter my Apple security details to confirm the in-app purchase. So this wouldn't be possible for someone who has obtained the device.
Or am I missing something?
More generally, with the app being designed for one user Faithlife has never seen the need to support signing out. Although it has been requested in the past for various reasons. There are some potential issues in supporting this, particularly around whether downloaded resources can be maintained if that were to happen.
Good point about the Apple security check. Glad to hear - thanks for sharing your findings.
How about if this malicious user decides to start altering sermon outlines and deleting notes just for the fun of it... surely FaithLife would have to have to possess some sort of "switch" to boot this unauthorized user out?
I can better appreciate why such a feature currently does not exist.
Suggestion: Prompt for password on the mobile app whenever password is changed (on the web app). This way, when a device has been stolen/compromised, the user can simply change his password so that all his accounts are effectively "locked/logged out". Does this sound feasible?
0 -
One can only dream! Perhaps iOS12? [:P]
0 -
Good point about the Apple security check. Glad to hear - thanks for sharing your findings.
No problem
How about if this malicious user decides to start altering sermon outlines and deleting notes just for the fun of it.
Currently sermon documents are read only on the mobile apps so we are safe there - but your general point is well made. Someone who gained access to your device would be able to add / modify / remove notes or highlights, change clippings, update prayer lists and maybe some other things.
Suggestion: Prompt for password on the mobile app whenever password is changed (on the web app). This way, when a device has been stolen/compromised, the user can simply change his password so that all his accounts are effectively "locked/logged out". Does this sound feasible?
Actually as far as I know changing the password within your Logos account on their servers stops you using the mobile app until the password has been updated to match. So if you become aware of your device being stolen a good first step would be to change your central Logos password. The problem is actually the other way - as you refer to - in that there is no way within the app to change the password (unless this has been changed recently) and so to start using the new password you need to delete and reinstall the app. In general this can be a problem but in the scenario we are discussing here it's less of a problem.
And the other thing is to ensure there is appropriate levels of security set up on the mobile devices themselves.
0
