Since Mental Health Scales keeps personal information and test results on a portable device, security is a prime consideration. There are two different levels of security.
On iPhone 3GS, iPhone 4 and later, iPod Touch (3rd generation and up), and iPad (any model), Mental Health Scales uses Apple’s Data Protection feature to secure the database containing all of its confidential information. Data Protection uses a user’s device passcode to generate a strong encryption key. This key prevents data from being accessed when the device is locked, ensuring that the database is secured even if the device is compromised. (NOTE: These devices must be running iOS 4 or later to take advantage of this feature. Refer to the link below for further details. iOS 6.0 is the minimum version for Mental Health Scales 2.2 and iOS 9.0 is the minimum version for Mental Health Scales 2.3.)
To turn on the data protection feature for Mental Health Scales (or any application employing it for that matter) you must be using a passcode to control access to your device. Please see "Use a passcode with your iPhone, iPad, or iPod touch" to learn how to set a passcode for your device. After the passcode is set, scroll down to the bottom of the screen and verify that the text "Data protection is enabled" is visible.
We strongly recommend that you maximize your security by following these Apple-recommended tips:
- On the Passcode Settings screen set Require Passcode to “Immediately”.
- Disable Simple Passcode to allow the use of longer, alphanumeric passcodes.
- Enable Erase Data to automatically erase the device after ten failed passcode attempts.
Your passcode is combined with an on-device key to produce a cryptographic key that is used to encrypt the database file using AES 256-bit encoding. When your device is locked (i.e has “gone to sleep” or you have pressed the Sleep/Wake button on the top of the device), this key is erased, rendering the file unreadable until the passcode is re-entered by the user and the key is reconstructed.
The Mental Health Scales application itself has two security modes built in - Secure Mode and Client Mode. These are secured by a user-specified password.
When Secure Mode is turned on, the password is required to access any part of the application. This is meant to prevent an unauthorized person from starting the application or bringing it to the foreground.
Client Mode allows a client or test subject to be given the device to use the application to perform a self reporting scale or test without being able to access anything in the application other than the rating scale or test selected by the clinician. The clinician can quickly activate Client Mode by tapping on the Lock button on the Test List screen before selecting the scale. The password is required to deactivate Client Mode.
Because loss of the password would render the application inoperable, the password is supplemented by a security question. The user can choose one of three questions and supply an answer to it. Should the password be lost, the correct answer to the security question will give access to the application. If both the password and the answer to the security question are lost there is no legitimate way to retrieve the data stored in the application.
Use of Touch ID and Face ID
On iPhone 5S through iPhone 8, and the iPad Mini 3, iPad Air 2 and later you can use Apple’s Touch ID as an alternate method to unlock the in-app security features of Mental Health Scales. To learn how to activate Touch ID on your device, see this Apple support document.
Mental Health Scales does not yet have the capability to use Apple's Face ID on iPhone X and later and iPad Pro models with the A12X Bionic chip to unlock its in-app security features.
If you have enabled Touch ID on your device the security settings screen in the app will show a third switch, labeled “Use Touch ID”, below the switches for Secure Mode and Client Mode. If you turn this on the Touch ID dialog will be superimposed on the app security panel (for those devices with Touch ID), and can be used to unlock the app instead of entering the password.