After a great call with @Darren_Murphy my eyes are now opened to data and how available it is, even if you do not want it to be. I had seen @Robert_Petitto’s video on Row Owners but not fully understood the implications of how Glide actually works.
So what I understand is:
- data in most Glide apps is basically available to any user of the app using ‘Inspect’ (if using Chrome) then navigating to the Networks area (?) and scrolling down to one part… and you can see everything. Argh.
- ‘hidden tabs’ are not really hidden. The device can still see all the data. All of it that Glide uses somewhere. You can use Row Owners (email) or then Roles (see below) or Protected Columns (a good option for some data types)…
- some of the security options for ‘Private’ apps are odd (at best) - such as ‘restrict by password’. This means ONE password. You might as well write it on your web site. Argh. Odd choice…
- the ‘anonymized email’ is bizarre - the email names are friendly, you cannot see them as the dev… but they are also totally unusable as they are not real emails at all. You cannot send the person an email and resolve the alias. It just goes into space. It is not pointless, but hardly point-ful.
- Private Pro is NOT the same thing as Pro (it just used half the name). A Pro app (I have one the $32 a month option) gives you Row Owners but NOT controlling via ‘role’ (or groups, etc). Then it is $40 per month min (as $2 per month x 20 min people) - and Glide might come up with a better price. This seems like an app could become expensive quite quickly as I do not know what counts as an active users (going into the system once in a month?). A 50K user system… might be 100K a month? (OK, likely discounts, but still)
Next what data is actually made available if it is out in the clear? If you have a sheet / Glide table and it contains Rel columns, is the data from the Rel column ‘target’ also brought into the device at the same time? Might we try to hide more confidential in another part of the app… but the Relationship column brings it in anyway?
This EU GDPR thing is a real issue for anyone who has any EU users. Which will be a lot of people. Now you can ask permission to do things, and I am doing more investigations on what is best to do (thanks to @Krivo for actually pushing me in this direction). From what I can tell Personal Identifiable Info (PII) is a defined thing (mostly) but it drives you into a logic of ‘do I really need this data in my app… is it worth the potential hassle’.
Then it will come down to a readable Terms & conditions that cover the app, plus the underlying Glide and Google Sheets issues (and all the other plug-ins that might be part of the overall app). I am still making my way through one service (recommended in here - thanks!) that will make a custom Terms & Conditions doc based on the various services used and how they are being used.
Fortunately for now the app I am building is a prototype not really being played with by users. It does make me think now how I can architect the app and data better to be less open by the ‘Inspect’ backdoor. I would imagine it would not be hard for a motivated person to be able to scrape all the data from all Glide apps they could find… argh.
I then do not know how a 200K row system would function, how slow it might become for end users (as they would be downloading the entire dataset - unless the app has been more rigorously protected).
And just thinking about restructuring… making a copy of the template, playing around in it, then using some magic (actual magic with a wand) to copy across changes from one template to another. OK, no magic exists. I have been doing screenshots and diligent manual copying (with at least 1 mistake always). Argh.
Still, I love the platform and so much can be done with it. I have been very impressed by all the improvements over the last 12 months and am therefore hopeful for more on the horizon. Maybe for my app I end up with something for a good sized group of friendly people who accept the T&Cs and conditions of privacy (or absence thereof), and use it as a reference for a different platform eventually. Personally I like playing in Glide and GSheets as I understand them, whereas otherwise I have no idea how to code!
Anyway some thoughts for the evening and some work for the rest of the week. Thanks all!