|
|
|
|
|
|
by dpifke
1337 days ago
|
|
|
It might be possible to build this app in a way that none of the information ever leaves the device. I would be very surprised if that was the case here. Most large IT departments have a list of approved browsers and browser extensions. The scenario you described would fall under the same policy. If Chrome uploaded the content of intranet web pages to Google, I expect it would be banned as well. |
|
|
Not only is it possible to build it this way but I think it's far more likely that it already is built this way. Since the app is pulling up schedules for individual users, there's no benefit to scraping the info on a server or caching any of it as it would be unique for each user. There's no reason for that info to leave the device. The content is pulled, formatted, and then displayed in a style that matches the rest of the app. This can easily be done on-device and would be less efficient to do off-device.
>Most large IT departments have a list of approved browsers and browser extensions.
This is completely irrelevant considering this is being done on mobile devices. On iOS, at least, it's all webkit and done within the app itself. I was just using Chrome as an example for how this process is done without sending the credentials to a third party. Unless the company wants to ban people checking their own schedules, there's no way they can stop someone from logging in to a web browser and having the content scraped. As an example, let's say they only allowed Microsoft Edge as the "approved" browser and they didn't allow any Edge extensions to be installed. The user can still pull up the page in Edge, save the content once it's loaded, and feed the folder/HTML file to the app to scrape the content. There's literally no way for them to prevent this other than by severely obfuscating the content (e.g., randomly adding invisible characters into strings to prevent string searches or adding bogus HTML elements to prevent searches for element patterns) or ceasing access to it completely.