Ethical, Legal, and Security Considerations
- Privacy
- Credit card information is never stored on the application.
- User account information is stored securely within the Firebase database and cannot be shared with other users through the application.
- Firebase automatically encrypts stored user data.
- Users authenticate themselves with their email and password through the Firebase authenticator, which also handles password reset emails.
- Users have the agency to decide whether or not their personal location is used.
- Discrimination
- The service charges for displaying, handling, and delivering products fall within the expectations of the industry; there is no additional charge because the application focuses on those with visual impairments.
- People might speculate that the app charges the visually impaired differently than other apps that are not focused solely on serving the visually impaired.
Plan: We will implement Firebase authentication to ensure user privacy. All prices are pre-determined by Kroger, which is non-discriminatory according to their internal business ethics; the only additional cost will stem from the delivery/service fee for the application, which applies to all customers regardless of disability.
- Third Party Legal Obligations
- The Kroger API we plan to use has some legal conditions for public use, as listed below:
- Prohibited (Products API):
- Comparing products/prices among other retailers.
- Tracking, sharing, or storing data derived from customer searches or frequently viewed products.
- Manipulating product data in any way. Meaning you cannot change values such as the name, description, or price.
- Systematically scraping or gathering response data to create a database. This includes using bots or crawlers to retrieve data from our APIs.
- Prohibited (Locations API):
- Tracking, sharing, or storing data about the location of a customer.
- Manipulating location, department, or chain data in any way. Meaning you cannot change values such as the name, address, or hours.
- Systematically scraping or gathering response data to create a database. This includes using bots or crawlers to retrieve data from our APIs.
- There is precedent for similar apps having legal issues due to a lack of clarity when it comes to additional surcharges such as service fees. We need to be as clear as possible with users of the app and explain what these surcharges are for.
- Graphics such as icons should not violate US copyright laws, so graphics used should be public domain or created from scratch.
- Alcohol and tobacco products are not available for purchase, so potential underage buyers would be stopped.
Plan: Text for information such as prices, store names, product descriptions, etc., will directly get information from the Kroger API, and not data we define ourselves. Graphics used should be public domain or created from scratch. During checkout, an explanation for each additional surcharge will be available in order to inform users about what they are paying for and why. Lastly, tobacco and alcohol products will be excluded when calling the API.
- Sensitive Information
- Credit card information, the primary source of sensitive information, is not stored on the application. Regardless, all credit card transactions are done through standard secure tunnels.
- Emails and passwords are the only other significant pieces of sensitive information; they are not stored locally either. These are handled through Firebase Authentication, which encrypts this information.
- All the people who deliver groceries are background checked.
- The information of products in the cart is re-validated at checkout. This is to prevent any mismatching of product information, intentional or otherwise, between adding them to the cart and purchasing them.
- The only way that our app ecosystem can be compromised is if Firebase or the Kroger API is attacked.
Plan: Sensitive information such as emails and passwords is protected by the Firebase Authentication system. Protection is handled by Firebase and the Kroger API, since attacking them is the only way malicious users can escalate their privileges. Additionally, all of the delivery drivers will be background checked.
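One way the checkout re-validation described under Sensitive Information could work, together with the alcohol and tobacco exclusion from the earlier plan. This is an added example, not the project's own code. The field names (`productId`, `description`, `priceCents`, `category`) are assumptions, and `currentById` is assumed to be a map built from fresh product lookups made at checkout time.

```javascript
// Added example: compare a client-submitted cart with freshly fetched records.
// Field names and category labels are assumptions, not the Kroger API's schema.
const RESTRICTED_CATEGORIES = new Set(["alcohol", "tobacco"]);

function revalidateCart(cartItems, currentById) {
  const problems = [];
  let totalCents = 0;
  for (const item of cartItems) {
    const flag = (reason) => problems.push({ productId: item.productId, reason });
    if (!Number.isInteger(item.quantity) || item.quantity < 1) {
      flag("invalid_quantity");
      continue;
    }
    const current = currentById.get(item.productId);
    if (!current) {
      flag("unavailable");
      continue;
    }
    if (RESTRICTED_CATEGORIES.has(current.category)) {
      flag("restricted_category");
      continue;
    }
    // Any difference between the cart snapshot and the fresh record is reported,
    // whether it came from a stale cart or from altered client data.
    if (current.description !== item.description) flag("description_changed");
    if (current.priceCents !== item.priceCents) flag("price_changed");
    // The total is always computed from the fresh record, never from the cart.
    totalCents += current.priceCents * item.quantity;
  }
  // Checkout should proceed only when ok is true; otherwise show the problems.
  return { ok: problems.length === 0, totalCents, problems };
}

// Constructed sample data (not real product records).
const sampleCurrent = new Map([
  ["p-100", { description: "Whole Milk 1 gal", priceCents: 389, category: "dairy" }],
  ["p-200", { description: "Sandwich Bread", priceCents: 249, category: "bakery" }],
  ["p-300", { description: "Lager 6 pack", priceCents: 999, category: "alcohol" }],
]);
const sampleCart = [
  { productId: "p-100", description: "Whole Milk 1 gal", priceCents: 389, quantity: 2 },
  { productId: "p-200", description: "Sandwich Bread", priceCents: 1, quantity: 1 }, // mismatched price
  { productId: "p-300", description: "Lager 6 pack", priceCents: 999, quantity: 1 },
];

console.log(revalidateCart(sampleCart, sampleCurrent));
```

Prices are kept as integer cents so that equality checks and totals are not affected by floating-point rounding.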