Maybe someone knows, there are some plugin cordova, allowing to determine the user's Apple ID on iOS? I need to use this account to identify the user in the application, if it is, for example, decides to change the device to another. I would be very grateful for any help for two days looking for on the Internet, can not find anything. Sorry for my english
there is no way in iOS SDK to get AppleId (email or password) or any information about it this type of data is very sensitive and I hope well secured ;) So no plugin for Cordova.
To identify an user in your application you can use other ways, for example Game Center Account or Facebook login to identify user. I suggest you to find more information about these steps:
Allow user to sign using game center or facebook for iOS applications
Store obtained identifier at your server
Store app/game data at your server with obtained identifier
When user sign back to your app you can identify him at your server
You may restore some app/game data from your server after user sign on other device
Depends on your needs what you need to store and restore when user sign back.
Also I suggest read some parts from https://developer.apple.com/app-store/review/guidelines/ like 17.2, 22.7 before you made final decision about what and how you will ask user for some credentials or other private dat.
To identify a user across devices the only real solution is the implement an authentication system of some kind. There is nothing accessible through the API to uniquely identify the user.
Related
My app is a catalog of ebook-like content. Some of which are free to read, and some other are paid. I need to ask for user email / password to be able to retain the information of which content was successfuly completed, or until which chapter it was completed so the user can have his information synced accross all platforms.
However I got this rejection message :
Apps cannot require user registration prior to allowing access to app
content and features that are not associated specifically to the user.
Next Steps
User registration that requires the sharing of personal information
must be optional or tied to account-specific functionality.
To resolve this issue, please make it clear to the user that
registering will enable them to access the content from any of their
iOS devices and provide them a way to register at any time, if they
wish to later extend access to additional iOS devices.
Please note that although guideline 3.1.2 of the App Store Review
Guidelines requires an app to make subscription content available to
all the iOS devices owned by a single user, it is not appropriate to
force user registration to meet this requirement; such user
registration must be made optional.
Please resolve 5.1.1 issue and resubmit your revised binary to iTunes
Connect.
I am very surprised as I know apps such as Feedly which do not allow you to subscribe to RSS feed unless you create an account.
How should I get this problem solved ?
I have faced the similar rejection. As per the guide lines app is not supposed to force registration. So I ended up adding a skip button on the registration page. You need to add some content that users can view without registration. For example a user can preview a FREE book (maybe first page only) but can't read the full book without registration.
You can keep asking user for registration later when user is browsing the content.
There are some apps with forced registration and are available in AppStore like WhatsApp. But you need very strong arguments to convince Apple review team to consider and it's only possible if your app is really can't work without registration. In your case I don't think that's true.
For registration and login, your app must Serve contents/data user wise. e.g. Specific user settings, profile or follow topics etc. If your app does such things then Apple wont have any problems for your login or registration.
This is because of some apps have Registrations just to collect the email addresses of users.
If i will add "Guide" screen, then this issue will be resolved or not!
I want to let users of my iPhone app invite people from their contacts to a group they're creating. I can use deeplinks for people that already have the app installed to have an invitation automatically show up, but I was wondering if I can somehow pass custom information to someone downloading the app for the first time so after they initially open the app they'll have an invite waiting.
As far as I can tell this is impossible but I was wondering if there's any other way to somehow associate a contact with that person making an account on their own device. My application uses gmail authentication for account creation so if everybody had each other's gmails saved in their contact this might be possible, but that's not the case unfortunately. If I could get a user's phone number then it would be easy but I know that's not allowed without specifically asking the user.
Does anybody know if it's possible to do something like deeplinking for people installing the app for the first time?
You can do this with Google Firebase Dynamic Links. Google has a guide for this here:
https://firebase.google.com/docs/dynamic-links/
If I understand the question correctly, here is what I'd do:
Scenario: Send Invite
If the email invited by a user is a registered email, done.
If the email invited by user is not a registered email, store it in a separate table (pending invites)
Scenario: Sign up/ Sign in
User registers using email, store user information.
When the user logs in, check if email exists in pending invites table, if exists, present invitation.
Delete user from pending invites table
Not sure if you have it already but you might need a db table to keep the invitations sent by your users.
What you're describing is called Deferred Deep Linking (Deep Linking refers to using a link to open your app directly to a specific piece of content, and Deferred means that it works even if the app isn't installed first).
As you noted, there's no native way to accomplish this on either iOS or Android. URL schemes don't work, because they always fail with an error if the app isn't installed. Apple's newer Universal Links in iOS 9+ get closer in that they at least don't trigger an error if the app isn't installed, but you'd still have to handle redirecting the user from your website to the App Store. You can't pass context through to the app after install with Universal Links, so you wouldn't be able to present the invitation. Additionally. Universal Links actually aren't supported in a lot of places.
To make this work, you need a remote server to close the loop. You can build this yourself, but you really shouldn't for a lot of reasons (not the least of which being you have more important things to do). Free services like Branch.io (full disclosure: Branch is so awesome I work there) and Firebase Dynamic Links are designed to solve exactly this requirement, and can handle all of the backend infrastructure for deferred deep linking so you don't have to. From your perspective, as the developer, you'll seamlessly get exactly the same data to work with whether or not the app was installed when the link was clicked.
I do know how to ask permission for contact's list accessing, is a very simple implementation, also I know Apple checks all this in case of going live to the App Store.
I'm about to receive a AdHoc bundle to a third party client, very very picky with privacy issues and I want to be certain that you cannot in any possible way in iOS7 access to the the address book, without previous and clear authorisation, nor storing some file in local or sending it through a web-service.
If there's other sensitive information than a programmer can access without the operating system firewall please let me know as well.
I read some subroutines can go through...
QUESTION: Can a developer access to the addressbook or personal information, directly or indirectly using a third party API or subroutine to the personal data, without explicit permission? Is an AdHoc bundle as secure as an AppStore reviewed App in that case?
Please do not punish me with negative feedback if you are not interested in privacy issues or think was that obvious, actually Apple's documentation is not clear and is focused on AppStore, mostly.
Thanks!
This answer came up in every search I did trying to find, CNContactPickerViewController, so I figured I should respond for posterity.
In iOS 9 and later you can call CNContactPickerViewController to present a system controlled contact picker that doesn't require permission to access the user's contacts. You can't hoover up all their contacts, which is what the original question implied (and is super creepy), but at least you can prompt the user to select a contact (or multiple contacts), which is sufficient for many legitimate use-cases.
Docs
The Address Book cannot be accessed without permission. No third-party API can get in, because internally, these API's need to go through the same permission checks as you need to. No app can get into a user's address book without the user's permission.
This is because of a security issue that Path, and some other apps, uploaded its users' address books to their own servers to use for whatever reason. To read more about it, look here
After this surfaced, Apple required the user's permission to access the user's contacts. Apple's iOS platform is possibly the most secure operating systems today, and there are few security holes that exist in their API's (minus the goto fail; mess-up).
App Store reviewed apps are more secure for the user than Ad-Hoc apps. The developers at Apple make sure that you do not do anything malicious with the user's contacts. In Ad-Hoc apps, there is no checkup. So, if you wanted to do anything dirty with their contacts in an Ad-Hoc app, you technically could (if the user gives you permission at all). You do not need to state what you will be doing with the permission, and so you are able to take advantage of the user's trust in you.
If you want the company to trust the app, suggest that they look it over with their own reviewers. If they don't think you are doing anything fishy, you are good.
I'm trying to learn about iCloud. I've read that there's
ubiquityIdentityToken and it's used to determine if iCloud is available or if the user changed the account signed in. Also, this is only available in ios 6+
But what i need to know is the unique data for every iCloud user. What i'm saying is, after the user logs into iCloud, is there a way for us developers to know who that persons is/who the account belongs to like a username or id (similar to Facebook's fbid/identiferForVendor)? Could we even get the iCloud account of the user in code?
The reason why I want to know this is because i want to check if it's possible to use the user's iCloud account(or whatever unique data we could get from them) as the user's unique identifier on our server.
I hope I could get some answers. Thank you so much!
You can use CKContainer.fetchUserRecordID(completionHandler:)
Returns the user record ID associated with the current user.
https://developer.apple.com/documentation/cloudkit/ckcontainer/1399191-fetchuserrecordid
This article shows example of practical usage of record ID retrieved in this way: Onboarding without Signup Screens.
Apple don't want you to do this. That is why they give you a unique token that is opaque. You can't use it as an id on your server. Apple do not allow iTunes accounts to be used in that way at this point in time.
I suggest you use your own account names, or you use accounts from Facebook or Twitter, which are accessible via system APIs on iOS.
I would like to build a mechanism to free my in-app purchases for some of my VIP users devices. My idea is I pre-save the UDID of the user devices in my backend server. When the app starts, it will call my server and get the list of udid and check if the device is in VIP list. if yes, directly show full features without any button to ask for in-app purchase.
However, UDID cannot be used anymore. What should I do in this case? I dont want to ask user to enter some codes. because it would disturb my user interface.
new updates of the question:
The purpose is that , I got a list of people that they will review my apps , but i dont want to have any pop up to ask for promo code or any specific UI for these people. So my idea is I ask them to give me their UDID (or whatever number that they can identify themselves for their phone), and I save them in my backend. When they download the app, the app call the backend and compare their identifier number/UDID, see if they are my VIP, and give them full features automatically without asking promo code and any UI specific for these user.
I would like to identify the user only. Do you guys have any solutions?
thanks
You could do something like provide a URL to the users which opens the app and gives the app some parameter(s). When the app receives these details it could show an alert to ask for a name or some other info (like an e-mail address) from the user. Then you can send the details to your server for verification and set some value in the app to enable the features. In this way the UI of the app is not changed.
I think it's not conform with the iOS/App Store TOS (to be clear).
The easy way is to use the UDID but we can't now... You can get another unique "number" for identifying the device like the Mac Address (you can get in in Objective-C, not really simple but you can).
You can add a button which asks for a promo code (maybe the same button to buy the in-app upgrade). Only those who have a promo code can get the upgrade for free.
Also, should it be "VIP users" rather than "VIP user devices"?