Benjamin Tyzack B7008109 Software Engineering SE3

Project Specification SLEP Analysis

The Issues

The first issue I found with the monitoring attendance project is that by only using android devices
eliminates all apple device users from using the application. The social side to this issue is that the
application is restricted to certain people which would make apple device users see it as an unfair way
to monitor attendance. The professional side to the issue is that only some people can clock in or out of
a location, so it would impact the data collected. I have chosen this as an important issue because it
makes the application restrictive in the way of use and could cause a lot of problems in a company or
university.

The main issue relating to this project is the fact that the application will be holding personal
information of a user’s location. This is a big ethical and legal issue as universities/ companies will be
holding personal data that some people deem as a breach of privacy and users are unaware of who can
access the data and how securely it is held. I have chosen this as a key issue with the project because it
puts the personal data of users at risk if a data breach was to occur.

The final issue I found with this project is the fact that someone could scan another user into the work
place or lecture etc so that user looks like they’re in attendance when they’re somewhere else. For
example, within a university, a student could easily clock their friend into a lecture just by scanning the
QR code and entering their name. This is a key issue due to the affect it will have on the accuracy of the
data collected by the application. I chose this issue to indicate a key flaw in the application.

The Impacts

The first issue I stated above would cause an impact on the data collected by the application. This is
because the users on apple devices can’t have their attendance recorded which in turn makes the
application unreliable as not everyone can clock in or out of a location, so the data on the system will
therefore be inaccurate and unusable. A way to address this impact is to have a temporary paper time-
sheet system for non-android users so they can have their attendance monitored while the application
is updated to be supported on apple devices as well.

The second issue stated above about collecting location data will impact how the application gains the
data in a lawful way and how the data is stored to abide by the GDPR. This is because if the data isn’t
collected in a consensual way then it is classed as a breach of personal data and can lead to legal action
taking place. The GDPR refers to a personal data breach as a breach of security that can lead to
unauthorised disclosure of, or access to personal data transmitted or stored (Calder, 2016). A way to
address this impact is to make the application ask for permission from users to have access to their
location and to inform the users that the data will be stored securely with limited access by authorised
administrators only.

The final issue stated will impact the project as it affects the data collected by the application. This is
because if someone else clocks in another user, it is a breach of data and will make the data collected by
the application inaccurate, unreliable and therefore useless as it is a false representation of the
attendance within the situation e.g. a university lecture. An easy way to address this impact is to make
the users create an account on the application so when they scan into a location it will show up on the
system under their account and not just as a name and location.
Benjamin Tyzack B7008109 Software Engineering SE3

Public Examples

In 2016, the ride-sharing company Uber had a data breach that affected 57 million customers and
drivers whose names, email addresses, mobile phone numbers and even location data was exposed to
the hackers. The two hackers were able to find and access the log in credentials for Uber’s Amazon Web
Services which is a cloud computing service the company used for storing its data (Wong, 2017). This
example is relevant to this project as within the data breach, location data of drivers and users were
exposed which is an issue/ impact this project could also run into if the data isn’t secure properly.

In September 2018, Facebook had a massive data breach exposing the personal details of 50 million
accounts. The hackers exploited the “View As” feature that had a video-upload box left activated so in
using this box a key would be generated that gave access to that other person’s account (Heaven, 2018).
The breaching of personal data within this example relates to this project specification because it once
again indicates that the application must be secure, and data collected must be stored safely.

Android devices have always been susceptible to major lapses in security and user privacy. This is mainly
down to the manufacturers lying about security updates that devices get and with a vast number of
devices running Android OS the security is more easily breached then Apple’s IOS. App permissions on
Android easily mislead users about what data an app is obtaining and for what purpose (Savov, 2018).
This example relates to the potential personal data that can be obtained by the application without
needing permission from users.

This report analyses Project Specification 6

References
Calder, A. (2016). EU GDPR: a pocket guide. IT Governance Publishing.

Heaven, D. (2018, October 1). Massive Facebook data breach left 50 million accounts exposed.
NewScientist. Retrieved from https://www.newscientist.com/article/2181099-massive-facebook-data-
breach-left-50-million-accounts-exposed/

Savov, V. (2018, April 13). Android’s trust problem isn’t getting better. Retrieved from
https://www.theverge.com/2018/4/13/17233122/android-software-patch-trust-problem

Wong, J. (2017, November 22). Uber concealed massive hack that exposed data of 57m users and
drivers. The Guardian. Retrieved from https://www.theguardian.com/technology/2017/nov/21/uber-
data-hack-cyber-attack