In getting a blank form through the kobocollect application as a shared user I am able to get other forms of the user, fill in the form, and send the forms. I verified through the owner account if the data gets through and it does. Thus, compromising the analysis of the data collection. Please fix this asap.
Steps to Reproduce
In the server settings of the KoBoCollect app, edit the server to another kobotoolbox user’s server.
Get blank form to view only what is supposedly only the shared forms.
Fill and send the forms.
Check the data of the owner account.
I expected that in changing my server to another user’s server and getting a blank form that I would not be able to access any of the forms unless they were shared to me.
I am able to get, fill in, and send forms that were not shared to me through the kobocollect app. All I had to do was know the url of another user to gain access to these forms.
Please fix asap as there is a serious risk of compromising important data analysis.
Welcome to the community @ahs41510! At the moment there are a multiple ways that could overcome the issue you have outlined to be an issue:
Have only one user account to manage one survey project. With this, the enumerators should not have anything to pull from the KoBoToolbox server while getting blank forms.
You could also archive your project (that is un necessary) as outlined in the support article Archiving and Unarchiving Projects. Maybe this could also help you overcome the issue you have outlined above.
The other approach is by configuring your Collect android app i.e. maybe the admin or the supervisors could get the required blank form from the KoBoToolbox server and then configure the app as outlined below:
Open Collect android app
Press Admin Settings
Press Main Menu Settings
Then uncheck Get Blank Form. With this, the enumerator is not able to get any other blank forms from the KoBoToolbox server apart from what is already there in the device. Once this is done please return to the main page.
Once again, press Admin Settings
Select Admin Password and then provide a password for the Collect android app. With this, the enumerator are not able to change any settings from the Admin Settings.
Apart from these workaround, there is also a feature request which should solve the issue you have outlined:
Please feel free to VOTE if you wish to see this in the future.