In a small test project I implemented a Facebook login feature using both iOS' built in Accounts framework and Facebook's official FBSDKLoginKit.
I noticed however that when a user logs in using the native permissions dialog, I get access to more data compared to Facebook's login SDK. I'm able to access birthday and current city:
It's odd, Facebook's documentation states your app should go trough Facebook's Login Review if your app requests access to a user's exact birthday.
Should I be in any way worried to access that information using Apple's Accounts framework? (as it is clearly bypassing something Facebook put in place to protect users). Should this be reported to Apple?
Permission work without review for everyone with a role in the App, else you would not be able to test your App before sending it in for review. More information: https://developers.facebook.com/docs/facebook-login/review
Related
I've implemented the GoogleSignIn, Firebase and Facebook in my app and I'm uncertain what the upcoming iOS 14 Tracking Transparency changes will mean.
One of the points Apple considers as reason for asking permission to track is:
Placing a third-party SDK in your app that combines user data from your app with user data from other developers’ apps to target advertising or measure advertising efficiency, even if you don’t use the SDK for these purposes. For example, using an analytics SDK that repurposes the data it collects from your app to enable targeted advertising in other developers’ apps.
So, how do I find out if Google or Facebook is actually tracking anything within their SDK that's not in our control?
Basically I wanna know if I need to disable the social login if users don't give permission to track.
So, how do I find out if Google or Facebook is actually tracking anything within their SDK that's not in our control?
They kind of provided this type of information in their documentations:
Firebase
Facebook
GoogleSignIn
Basically I wanna know if I need to disable the social login if users don't give permission to track.
Not neccessary, I believe the developers for sure are aware of these changes and working to keep their products functional even when users don't grant permission for tracking.
For example in Facebook documentation there's a note regarding login types and which of them directly requires user's permission:
There are two scenarios for applications that use Facebook Login via the Facebook SDK: Authenticated Sign Up or Sign In, and User Data Access via Permissions. For authentication, a unique, app-specific identifier tied to a user’s Facebook Account enables the user to sign in to your app. For Data Access, a user must explicitly grant your app permission to access data.
However just below this they add the following:
Note: Since Facebook Login is part of the Facebook SDK, we may collect other information referenced here when you use Facebook Login, depending on your settings.
Thus I don't think there's a general answer for this question because it really depends on the data your app requests or operates with either directly or via third party.
I got following email from apple
1.0.1 Binary Rejected June 16, 2015
17.2 Details We noticed that your app uses Facebook login for authentication purposes but does not include account-based features
offered
I got following attachment
From Apple
17.2 - Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
17.2 Details
We noticed that your app uses Facebook login for authentication
purposes but does not include account-based features offered by that
site, which is not allowed on the App Store.
Next Steps
Please modify your app to include account-based features of that
social network or use your own authentication mechanism.
what is the reason behinds it.
I have study the following links
https://www.parse.com/questions/app-rejected-facebook-login-doesnt-complete
App got rejected because only using Facebook as login option?
Apple rejected app 10.6 because Facebook opens Safari to login
Apple review Guidelines says here
5.1.1 Data Collection and Storage
(ii) If your app doesn’t include significant account-based features,
let people use it without a log-in. Apps may not require users to
enter personal information to function, except when directly relevant
to the core functionality of the app or required by law. If your core
app functionality is not related to a specific social network (e.g.
Facebook, WeChat, Weibo, Twitter, etc.), you must provide access
without a login or via another mechanism. Pulling basic profile
information, sharing to the social network, or inviting friends to use
the app are not considered core app functionality.
I've a published app that has an optional login feature without any "account-based features".
I think providing a "continue as guest" option will fix the issue.
This means that your app didn't implement another feature of Facebook anywhere else in your application, if you're asking for explanation. If you make an app that just has Facebook's Log-in API, but nothing else, then your app will be rejected. Find another feature of Facebook (such as sharing or invites) that you can implement somewhere in your application, and try again.
A few possible steps you can take:
Ask App Store review people for clarification. Wait until you didn’t
get a response from them
You can make user registration optional or only prompt for it where
it actually requires
Try it.
Add note, while submitting app,the purpose of using Facebook login in resolution center without uploading new build it will be approve.
If still you face any issue then add some functionality of user login.
For Ex: Use of facebook login is for keeping all records of user in our database and also explain a bit about your app functionality why you use login feature.Hope it will help
Also check
iPhone app rejection 17.2: app requires users sign in with their Facebook accounts
I'm trying to set up an iOS 6.0 and up app on Facebook developers, everything's hooked up and working fine using the latest SDK. The problem is that, though authentication works fine, later in the app it's requesting post permissions and when a Facebook account is not a member of the Facebook app in the Dev center, these permissions aren't requested, the screen just pops to Facebook and back to the app again without doing anything. When I try to use the app with my account that is an admin on Facebook Dev, then it works.
The posting action in question is a Facebook Graph post and it works fine for the admin account.
In previous apps I haven't requested publish permissions through the Facebook developer portal in the app settings (you know, the app review bit by Facebook), so that can't be it either. Those apps work with accounts that are not a member.
I know the code is fine, the code is re-used from previous apps.
I think it's because I am unable to enter the proper Facebook app ID in the Settings. Could that be the cause? Though the app ID is in iTunes Connect, Facebook can't find it yet because the app in review at Apple.
Any thoughts on this nightmarish user rights issue?
Since API v2 was introduced, with every new app you need to go through review for any permission apart from the three “basic” ones (those are public_profile, email and user_friends) – see https://developers.facebook.com/docs/facebook-login/permissions/v2.1
Otherwise you will only be able to ask users that have a role in the app (admin/developer/tester) for permissions – that is helpful either during testing, or for an app that is for a limited user base only; f.e. if you want your app to publish updates from your website to your Facebook page, which requires manage_pages – in such a case you should not submit for review, but just use that permission with your admin/developer/tester account associated with the app. That is further explained here – https://developers.facebook.com/docs/apps/faq#apps-all-users-are-developers
So I've searched for this topic a lot and may be over complicating things but would love some clarity on it. So here's the issue.
I have a web app that uses Facebook Graph (FB Login, friends invite, sharing through FB, etc). We've just built an iOS app for the website and now want to implement all the above FB actions on the iOS app as well. I looked up the Facebook documentation and have tried using that to getting just the Facebook login to work for a user that's already registered on our website (and has their Facebook account connected as well) but it doesn't seem to work.
Use case - A user registers on the web app and connects their FB account with us. They then download the iOS app and want to use FB login to login to the iOS app or share objects on their timeline. A vice versa case should also apply.
Question - What should be the workflow between the ios App, web Server and Facebook for the use case above? Basically, how is the token and the secret passed so all three know we're talking about the same user and same FB account?
Any links or advice would be highly appreciated! Thanks!
In the case when a facebook authed webapp user first starts the native app, you won't know who they are. So they need to be prompted with a "login with facebook" button. When they hit that button, the facebook-ios-sdk will figure out who the logged in user is and then check if that user has already granted your application access. If the web app and the native app both point to the same facebook app, then the facebook-ios-sdk will simply store the authed access token, and you'll have access to everything your web app does on the native app.
The key here is that your web app and native app must point to the same facebook app (ie. same app id in developers.facebook.com). If it didn't, then the native app user would be re-prompted to grant permissions when they click the "login with facebook" button. Additionally, it's important that the user is logged into the same facebook account on the web app (which is based on cookies in the browser) and on the phone itself. The facebook-ios-sdk uses a couple of different ways to look for the active facebook account on the phone. It tries the iOS 5+ system facebook account, inter-app calls to facebook's own native app, the browser cookie for the web view instance running in your app, or bounce you out to safari and use the browser cookie in safari. Which ever one comes back first saying they have an active facebook account needs to have found the same facebook account as the one on the web app. In most cases, they will match up because most users only have a single facebook account and are logged in everywhere with the same account, but they certainly can be different. In the off chance that the web app facebook user is not the same as the native app active facebook user as detected by facebook-ios-sdk, then the "login with facebook" button will simply prompt the native app active facebook user to log in and grant permissions.
Once the access token has been granted to the native app, you can send it back to the server, find the associated facebook user id, and now the web app user and the native app user can be linked to be the same person operating both apps. Additionally, any graph api calls you want to make on the server can be made on behalf of the user using the up-to-date access token you just got from the native app. Any sharing/posting/api calls made directly in the native app through the facebook-ios-sdk will be done as this user and will be handled by the sdk (ie. you won't need to worry about it... it should just work seamlessly and integrate all posts to their timeline just like the web app's graph apis can).
In the case where you have a facebook authed native app user going to the web app, you also won't know (on the first request) who this user is. You can present them with a facebook js sdk login and, again, once the same facebook user logs in, you can associate this current web app user as the one who was on the native app earlier.
Specifically addressing your question, you really have no way of knowing who a migrating user is on either the web app or the native app when they first come to the app. That's where the "login with facebook" comes in. Assuming the user is logged into the same account on the browser as well as on their phone (as determined by the facebook-ios-sdk), then the process of logging into your app is seamless. They won't be prompted to grant permissions a second time (unless your permissions set is different between the web app and the native app) and you'll be given the user's access token immediately. The role of the server is to reconcile the two users by using the granted access token. With the access token, the server can make a simple call to the graph api and get the user's facebook user id. Using that facebook user id, you'll be able to match up the "true" identities of the users on your apps (ie. you now know that the web app user and the native app user are one and the same). Once you know who the user is, you'll be able to provide a personalized experience to that user, based on his identity, regardless of whether he's using your web app or your native app.
Hope this helps. Happy to answer more questions that you may have.
I'm currently working on an app (iOS 6) where the user will be signing in using their facebook account.
In regards to this I have a few questions:
a) Since the app asks the user for permission to access cetain data (like: basic profile info, friend list, access to post to wall etc), I assume that the app based on it's app id will be somehow authenticated to access this information as long as the user doesn't restrict access through their facebook account.
b) will it be possible for example via a service application to authenticate with the same app id as the mobile app, and hence be able to collect data from the facebook users who authenticated with the app?
The purpose of my question is, that I would like do some analysis on the users using the iphone app, but I don't want the app to first download the information from facebook, and then pass it on to my service for analysis.
If the above is possible, could anyone please guide me in the direction of what it is that I need to do? Perhaps links to tutorials that describes this setup, og simply tell me the right facebook terminology that I'm looking for to achive this.
Thanks in advance!
It's a bit late and you may have already picked a service. I have been using Parse.com
(tutorial site). They're very good. They have SDKs and sample code for many platforms a RESTful service for others.
They have recently been acquired by FaceBook, and already have strong links to Facebook's SDK.