As you have understood from the question's title, I would like to know, how to identify iOS device across multiple apps. Advertising identifier and identifier for vendor is not an option for me, as apps may not have AdSupport framework included, and they may not have similar vendors. MAC address of the device is also deprecated. Any working solution on this? Thanks in advance!
This functionality is explicitly disallowed by Apple. Any workaround you come up with will violate Apple's stated goal of preventing it (so you would obviously risk appstore rejection even if it "works"). You are not allowed to track devices. You are only allowed to track the vendor ID and advertising ID. Apple has steadily removed every other tool because those are the ones they intend you to use (and their limitations are intentional).
What you are allowed to do is track users by issuing them login credentials and having them log into your server. This usually works fine if the user actually wants the functionality you're providing by tracking them (for example, users don't mind logging into Facebook or Twitter). If you are tracking users or devices to achieve a goal the users don't actually want (such as targeted advertising that the user can't control, or attempts at digital rights management tied to devices), you're unlikely to find a supported or permitted solution.
Related
In my iOS app, I am looking for a unique identifier to use to be able distinguish between users but for the users to be completely anonymous to us who are providing the app.
Scenario: I am building "make comments" function in the app which will be sent to a moderator before being published in the discussion area in the app. The user's identity should be anonymous to me and to anyone who may hack into my system storage that contains discussion content (think GDPR).
The best iOS library option seems to be identifierForVendor, but the user has no easy control over resetting that identifier.
I like the IDFA library more, as the user can be completely anonymous and at their discretion set their identifier to all zeroes using built-in Apple settings. BUT I am not serving advertising. Is Apple still rejecting apps that use IDFA but have no ads?
Other ideas?
Thanks.
I've written an enterprise iPhone app for the field workers in our company, and the powers-that-be are considering offering it to some of our client companies as a freebie for their field workers to use. I assume that Apple would not allow enterprise distribution to users who are not company employees, so I would have to place it on the App Store.
However, we would like to restrict the user base to approved users or companies, so I would like to avoid making it available to just anyone. The app does communicate with our servers, which makes it something of a risk, in my opinion, of hacking; we'd certainly like to avoid that.
I'm wondering if there is a way to restrict App Store downloads only to certain users or companies? Or is there an alternative method to prevent just anyone from downloading and using the app?
Posting as answer, as per the OP...
For your case, you probably want to look at Business-to-Business distribution: https://developer.apple.com/programs/volume/b2b/
You could use the new "DeviceCheck APIs" that is release in iOS11
Using the DeviceCheck APIs, in combination with server-to-server APIs,
you can set and query two bits of data per device, while maintaining
user privacy. You might use this data to identify devices that have
already taken advantage of a promotional offer that you provide, or to
flag a device that you've determined to be fraudulent. The DeviceCheck
APIs also let you verify that the token you receive comes from an
authentic Apple device on which your app has been downloaded.
https://developer.apple.com/documentation/devicecheck
I just spend oodles of time getting iAd to work in my AIR app for kids and now Apple tells me that it no longer supports iAd for kids apps! Any advice? The app sometimes has tens of thousands of downloads in a day. Do I take the loss and move on or is there any way to re-release this app as not "kids only"? Has anyone done this before? Thanks!
Note: Apps designed for children are not allowed to run rich media ads
I think that there is no solution about it.
The thing that is not clear to me is if this rule is valid only for Made for Kid category, you select that category in ITC when you set the parental rating. I guess that is the only way that they can recognize that. Try to see if creating a new upgrade you can remove the "Made for kids" flag.
If I'm not wrong, you cant air ads on kids apps. Maybe contact apple developer support and get the age bracket of your app changed? Thats the only thing I can think of..
You can release an update to the app and change the setting in iTunes Connect so that you app is not "Made for kids".
However, ads in general are frowned upon in kids apps. Although they're not specifically illegal, according to COPPA.
Also, if an Apple app reviewer decides that your app is targeted at kids anyway, they might reject it based on their policy of no iADs for kids apps.
Regarding COPPA's rules on ads for kids: http://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions
"I want to run ads on my child-directed websites and apps. What do I need to know to make sure that I am complying with COPPA?
There are a number of questions you must find answers to before you enter into an arrangement with any entity to serve advertising to run on your child-directed sites and services. These include:
Is there a way to control the type of advertising that appears on the sites and services? (e.g., can you stipulate and contract only for contextual advertising, and can you prohibit behavioral advertising or retargeting?)
What categories of information will be collected from users on the sites and services in connection with the ads they are served? Will persistent identifiers be collected for purposes other than support for internal operations? Will geolocation information be collected in connection with the ads served?
You should make informed decisions before you permit advertising to run on your sites and services. Depending on what advertising choices you make, you may be required to notify parents in your online privacy policies and in a direct notice, and obtain verifiable parental consent, before you permit advertising to occur. Remember that the amended Rule holds you liable for the collection of information that occurs on or through your sites and services, even if you yourself do not engage in such collection."
If you want to monetise your app with advertising, you have little choice but to use an ad-network that can specifically provide ads for your target age group, and that is COPPA-compliant. Apple's ad network is neither as far as I know. Try Superawesome.tv or Ads4Kids - they may have an SDK you can add to your app for delivering ad campaigns appropriate for children.
I do know how to ask permission for contact's list accessing, is a very simple implementation, also I know Apple checks all this in case of going live to the App Store.
I'm about to receive a AdHoc bundle to a third party client, very very picky with privacy issues and I want to be certain that you cannot in any possible way in iOS7 access to the the address book, without previous and clear authorisation, nor storing some file in local or sending it through a web-service.
If there's other sensitive information than a programmer can access without the operating system firewall please let me know as well.
I read some subroutines can go through...
QUESTION: Can a developer access to the addressbook or personal information, directly or indirectly using a third party API or subroutine to the personal data, without explicit permission? Is an AdHoc bundle as secure as an AppStore reviewed App in that case?
Please do not punish me with negative feedback if you are not interested in privacy issues or think was that obvious, actually Apple's documentation is not clear and is focused on AppStore, mostly.
Thanks!
This answer came up in every search I did trying to find, CNContactPickerViewController, so I figured I should respond for posterity.
In iOS 9 and later you can call CNContactPickerViewController to present a system controlled contact picker that doesn't require permission to access the user's contacts. You can't hoover up all their contacts, which is what the original question implied (and is super creepy), but at least you can prompt the user to select a contact (or multiple contacts), which is sufficient for many legitimate use-cases.
Docs
The Address Book cannot be accessed without permission. No third-party API can get in, because internally, these API's need to go through the same permission checks as you need to. No app can get into a user's address book without the user's permission.
This is because of a security issue that Path, and some other apps, uploaded its users' address books to their own servers to use for whatever reason. To read more about it, look here
After this surfaced, Apple required the user's permission to access the user's contacts. Apple's iOS platform is possibly the most secure operating systems today, and there are few security holes that exist in their API's (minus the goto fail; mess-up).
App Store reviewed apps are more secure for the user than Ad-Hoc apps. The developers at Apple make sure that you do not do anything malicious with the user's contacts. In Ad-Hoc apps, there is no checkup. So, if you wanted to do anything dirty with their contacts in an Ad-Hoc app, you technically could (if the user gives you permission at all). You do not need to state what you will be doing with the permission, and so you are able to take advantage of the user's trust in you.
If you want the company to trust the app, suggest that they look it over with their own reviewers. If they don't think you are doing anything fishy, you are good.
I have read in a business newspaper the following use case for iBeacon :
Clarks (US) - Prompting users to download their app as soon as they walk in-store
I saw nothing in terms of features that is dealing with such an opportunity, so I am quite confused.
On the other hand, the native AppStore application does support iBeacon (as seen in Apple Store to provide contextual services such as Genius Bar, etc). So it is technically possible that some sets of UUID x major x minor are used to invite users to discover an application with a specific store ID - and we still not will be at the OS level, but still at an application level.
So, what's the point ?
A future new release of iBeacon that is currently tested a kind of partnership between Apple and Clarks? Or am missing something ?
I think the simplest explanation is that the reporter got it wrong. The only reference to this I can find is this Marketing Week article,
Which says:
Beacons examples
Clarks (US) - Prompting users to download their app as soon as they walk in-store
As you have suggested, this is not possible without another app already on the phone that does the iBeacon detecting. While it is technically possible that the Apple store app could be helping do this, I think that does not sound at all like something Apple would agree to do. It is more likely that some marketing network has embedded something that does this in a common library in popular free downloadable games. This would only work for people have downloaded apps with this embedded library.
However, given that the claim of this article is dubious, and there is no available evidence to support it, I would be skeptical.