The Data Protection Assessment is a requirement for apps accessing advanced permissions designed to assess how developers use, share, and protect Platform Data as described in the Facebook Platform Terms.
“For apps accessing the highest sensitivity of user data, developers will be required to provide evidence such as examples of contractual language with service providers regarding Platform Data, any third-party data security certification such as a SOC2, a link to ways people can report vulnerabilities they have uncovered with your app, and descriptions of ways users can request that their data be deleted, to support their responses to the assessment,” said Facebook.
Back4App operates under a Shared Responsibility Model: security responsibility is split between Back4app and the customer. This shared model helps relieve the customer’s operational burden, because Back4app operates, manages, and controls the components of the hosting services.
Examples of responsibility:
- Back4app: Software, database, storage, etc.
- Customer: Customer data, access management, authentication, etc.
Have a system for keeping system code and environments updated, including servers, virtual machines, distributions, libraries, packages, and anti-virus software.
Back4App always updates its list of available versions on the Dashboard so that the user can change it on their side.
In addition, the application code and the versions of NPM packages can be changed through Cloud Code, which lets the customer manage that code on their side.
Test your app and systems for vulnerabilities and security issues at least every 12 months
Back4App provides a Security page that shows the security-related improvements for the app and can be accessed at any time. Please go to App Status > Security.
Require multi-factor authentication for remote access
The Back4App platform provides a way to enable MFA on your customers' accounts.
Also, our security report warns users when MFA is not enabled on their account.
Data security requirements
When a data backup is required, the data stored on Back4App is covered by an automated backup routine: hourly backups are retained for 5 days, and daily backups are retained for 30 days.
In general, once the Back4App team has been notified at firstname.lastname@example.org, the recovery requested by the customer can take up to 24 hours. To perform it, we need the customer to confirm the app ID, the name of the class to be recovered, and the date and time (UTC) to which the data should be restored.
Here is an example of backups made in the last hours:
Protect sensitive data like credentials and access tokens.
When accessing the Parse Dashboard, the application and API access keys are only available to accounts with root (owner) or collaborator access, and the database URI is hidden by default.
The connection string stays hidden unless it is revealed by clicking ‘Show database URI’.
App Settings - Parse Dashboard
You can find your App Keys on your Parse Dashboard; they are available only to collaborators or the owner.
Security & Keys - Parse Dashboard
Parse Server makes it possible to rotate the access token that is generated during the login process.
Feel free to reach out if you have any questions.