I have an iOS app that is linked to Google Analytics via the iOS SDK for GA
I want to find out from GA, how a single user (who I know has signed up at a specific time, and hence would have gone through some signup sequence of screens) has gone from screen to screen post the signup process
What is the best way to do this in GA? I can see a Behaviour Flow in terms of graphical data, where can I see the actual text log or some kind of line by line data for the same?
Thanks
Maybe it is possible with setting user specific values/keys in GAIDictionaryBuilder,
BUT based on Privacy policy: http://www.google.com/analytics/tos.html
You will not (and will not allow any third party to) use the Service
to track or collect personally identifiable information of Internet
users, nor will You (or will You allow any third party to) associate
any data gathered from Your website(s) (or such third parties'
website(s)) with any personally identifying information from any
source as part of Your use (or such third parties' use) of the
Service. You will have and abide by an appropriate privacy policy and
will comply with all applicable laws relating to the collection of
information from visitors to Your websites. You must post a privacy
policy and that policy must provide notice of your use of a cookie
that collects anonymous traffic data.
Related
My GoogleService-Info.plist file for iOS was stolen, is it possible to disable access to my Firebase Firestore to all current iOS devices, and reset this file ?
I tried to delete my iOS app in Firebase, but I can still make request from my iPhone...
And I need to disable access only for iOS devices not Android.
As Doug Stevenson pointed out the contents of the GoogleService-Info.plist are public and accessible to every iOS user of your application. Therefore it is inaccurate to say they could be stolen as they're already publicly available.
As explained in the Firebase documentation the file fields contain identifiers used by your application and Firebase servers to route the requests being made to Firestore, Real Time Database and the rest of products the app might be using. Reading the documentation or the post shared by Doug you would see the information exposed is not a security threat.
Moreover, I would like to point out that everybody could try to access your Firestore collections and try to add/drop data. This is indeed expected as Firestore is publicly accessible by mobile and web clients. However, this doesn't mean Firestore is exposed to users to do whatever they please, instead, the actual access is totally under your control by the means of security rules, which enforce what actions a given user could do. In that sense, the developers who left will only have the access level that your security rules grant them, which shouldn't be a threat when having good rules in place.
Lastly, you may revoke the credentials completely removing the application. I'd say it's not a great idea as you would cause a service disruption to app users. Also, this won't improve security or diminish risks.
You can remove the app directly from the Firebase console
Before proceeding make sure to check and understand the consequences.
Click on Settings > General;
Scroll down to Your Apps;
Identify the app and click on Remove this app.
My question is a follow up to this question.
Let's assume I have an Android Tv stick, I also am the vendor. There are 3rd party apps like Netflix, Prime, etc. I want to access the channels provided via TvProvider or ContentResolver. As pointed out in one comment:
apps vendors signs with the same key as an AOSP itself
placed them in a special folder - only vendors of devices can do it
or you, but only on rooted devices
How are my possibilities for the options above?
Using one of the proposed options you will be able to get all channels from the TvProvider inside the apps with signature /signatureOrSystem protection level. I don't know the specifics but I assume they may be different for different ROMs you may use. You will be able to retrieve the data from TvProvider the same way you are able to do it in your own app - this answer has links to examples from Android system app.
You will be able to render Rows from the data via leanback library in your own app(I don't know whether it should be a launcher or just an app). After the user by clicking on a card will enter the app that provided the content and view it there. You will not be able to view the videos inside your own app even if it is a system one because you would have to have access to the backend of the app that provided the media and that information is not stored in the TvProvider. The media inside a TvProvider is rather a simple link to a content page inside the other app.
There is plenty of info online about modifying ROMs, creating signatureOrSystem apps I cannot dive a specific link because I cannot verify its validity, because I haven't tried to do such things with TvProvider in specifics and Android OS in general(except for the root and disassembling and modifying already existing apps from the device vendor - also plenty info online).
I've frequently heard that the main issue we need Firebase security rules is because an application contains all the configurations needed to connect to the database and thus users could do something like db.delete('*'), read/write whatever they want, etc. etc.
I can see how this is possible on a web app, as you could check out the requests being sent over the network and thus get the endpoint needed to connect to the database, but, on an iOS app, how would this be possible?
For instance, say I created some chat app with Firebase and released it to the App Store. When a user downloads it, how would he/she gain access to my database through an API other than the buttons etc I provide with them with? Is there something equivalent to the "Network" section in google chrome that shows all outgoing requests, and, from, this they could send a malicious request to my database? Would this require installing 3rd party software onto their device to see all outgoing/incoming requests and they could get the required endpoint/database connection info from there?
Thanks.
When a user downloads it, how would he/she gain access to my database through an API other than the buttons etc I provide with them with?
It's not hard to reverse engineer the contents of the IPA file to get both the configuration you provided, and also see what the code is that queries the database. The IPA file can be obtained pretty easily - there is not much protecting that, given the user effectively has full control over the device (e.g. jailbreak). Given that information, it's possible to simply invoke the public Firestore REST API to not just duplicate all the operations in the app, and but invent operations of their own.
I'm trying to run an affiliate project for my app and Apple's 24 hour cutoff makes it a bit difficult. I'm wondering whether there is a way to implement one's own tracking?
I first was thinking a landing page with a phone number input form. Upon submission we'd use something like Twillio to send the user the app store link via SMS and also store the phone number together with the affiliates code from the landing page URL. I then saw that Google somehow let's you track adwords in relation to app installs and thought that perhaps there might be a way that doesn't involve this phone number indirection... Anyone know how they do it?
To be or not to be
The main question here is nature of your intention.
It reasons necessary accuracy / limitations you have on iOS. I see two variants.
100% Accuracy
If you need 100% accuracy, you can use SFSafariViewController - it's view is rendered by another process and it has shareable cookies between your app and Safari. It's iOS 9+ only 100% way to attribute installs. Also you can go with explicit attribution (email, phone number etc.) requested from user after app install. It might be needed if business model relies on this process (like each install is paid out to user account etc.)
You can get an idea and do implementation following this link
<100% Accuracy
If you want to provide greatest UX possible (but it's not critical) or gather analytics (but it allows some kind of deviation) you can go with some approximation techniques, like gathering IP addresses, location etc from requests to your affilate link. The flow can be following:
Your landing page contains dynamically generated link
Upon clicking on link, user metadata is stored (ip, location, device info - whatever can be grabbed from User-Agent or another info available to your web service)
User is redirected to App Store
Upon install and run, app queries your service with device info and ip.
Your web service now decides on attribution. Matching algorithm can include any necessary amount of variables / conditions. Like "Same IP + Device Type + No more than 5 minutes since clicking the link".
This way you don't request any user info (email, phone number) but you're already able to track attribution. Correctness percent is subject to tuning.
Edit #1
This approach might be helpful to you, it's used to attribute login, however you can use modified for analytics.
Edit #2
If you're really wondering, how AdWords does this, you might be interested in install tracking step-by-step guide. It's explicitly stated (section "Instructions for tracking iOS app installs (first open)", p.14) that you should either use AdWords tracking code (this tutorial describes how) or setup server-server integration. So, going back to original questions:
..there might be a way that doesn't involve this phone number indirection?
Yes
Anyone know how they do it?
There are lots of techniques (as well as measurement pixel built on top of mentioned above SFSafariViewController), described in these docs:
Google SDK,
3d-party SDKs
We're trying to implement deferred deep linking in one of our iOS applications to encourage users to invite their friends to use the app, and reward users based on how many installs occur from their referral link. Basically similar to TapStream's product.
Consider this example:
So, UserA shares their link, “ourappURL.com/refer?id=userA”, on any
network they want. UserB clicks that link, which will take them to
Safari and then bounce them to the App Store page where UserB
downloads the app.
When UserB opens the app, the app checks which referral ID they came
in on (if any). In this example, the referral ID would be “userA” as
that’s the ID that was in the referral link. The app then sends this to
our servers and we award UserA with a referral credit.
I'm trying to break this issue down into its core parts. I believe the first part is getting the web page for the user's referral link to save the referral ID to the device somewhere that the app can access it. But I'm not sure this is possible because of the sandboxed nature of iOS.
I know this is fundamentally possible because many ad providers offer the ability to track installations from an ad campaign (see Mobile App Tracking for example).
We have also attempted to do this ourselves and I will try to break down the different steps here.
Going back to your example, you are correct about "remembering" the device identification, and all relevant data "id=userA". You are also correct about "sandboxed nature of iOS" which I presume it means a web page is not allowed to store information outside of the browser app (Safari) and apps (your app) are not able to access information stored by other apps (Safari).
Our solution to this is to store this device to data key-value pair in an environment that is both accessible by the browser as well as by your app, i.e. your backend server.
The next challenge, which remains to be the biggest challenge, is how to uniquely identify this device from the information collectable from the browser? Javascripts in browsers, unlike native apps, don't have access to IDFAs which could be used to uniquely identify a iOS device. To overcome this, one can imagine to use a combination of common information that is available both to the browser app as well to your native app, i.e. OS type, public IP, screen size, etc. etc. Please note, a composite key from these data fields does not guarantee uniqueness (imagine two iPhone 6 visiting this web page via the same router). Therefore, your backend server (assuming you are using it to store this key-value pair), will want to have a strategy on how to handle collisions on keys i.e. the second key deletes the first key, or you allow collision to exist by having a queue of values for a single key. This really depends on how you actual plan to use this technology.
The last step is to form this composite key on your app using the exact same fields you used earlier in the browser to perform a "lookup" on your backend server to retrieve the value previously stored.
Here is a summary of the steps:
User 1 invites User 2 by sending the following link to 2: example.com?inviter=1
User 2 visit Web Page P
P constructs and sends the following key-value pair to your server S iOS|55.55.55.55|750×1334 -> inviter_id=1
User 2 goes to the app store and downloads your App A
User 2 first launches A, A contacts S with the same key (assuming the IP hasn't changed).
S finds the value inviter_id=1 by using this key passed in and, let's say, reward User 1 five points for inviting 2.
Hope this help!
Edit 04/24:
Since Derrick mentioned it in the comments, I figure I would take this chance to finish our story here.
Going back to the beginning of my answer where I mentioned we've attempted to do this ourselves. We had a working prototype based on our current system architecture (which is not in anyway optimized, or meant to be optimized, for storing and analyzing deep link data like this), we ultimately decided not to allocate any additional engineering resource into this project.
Due to the heuristic nature of this matching process, we found this project needing debugging, tuning and optimizing constantly for a diminishing ROI. More importantly, we have found other companies which are more specialized and do a much better job than ourselves.
It has been probably 6 months since we stopped using our internal system and we haven't regretted making such decision.
During this processes, we've worked with a number of vendors, Appsflyer, Adjust, TapStream and we have ultimately ended up with Branch Metrics https://branch.io.
Whether you should DIY or work with another company again depends on your specific objective. We finally decided to stay with Branch, not only because the other vendors charged anywhere from $500 to thousands of dollars per month while Branch is completely free, but also the level of the support they have provided is simply unparalleled.
We've successfully used the clipboard (NSPasteboard) to achieve this: the web page that processes the redirect to the app store does a paste to the mobile device's clipboard before letting the user download the app. Once the app is installed, it uses NSPasteboard on first launch to check for an appropriately coded string. This string can contain the text of interest or, more securely, a token used to fetch interesting data from the backend. In Objective C:
UIPasteboard *pasteboard = [UIPasteboard generalPasteboard];
NSString *pasteboardString = pasteboard.string;
The clipboard can be cleared once the app is done with it, to avoid repeating the same action.
There is a good solution here: http://blogs.innovationm.com/deferred-deep-linking-in-ios-with-universal-link/
Basic workflow:
User selects domain link on web.
Link sets referral ID to cookie.
User redirected to app store.
On app launch, load referral page in SFSafariViewController.
Referral page checks for cookie and if it exists calls a deeplink into the app with the referral ID.
My answer from HERE
Apple no longer supports Deep Links. It is now called Universal Links and works a bit differently.
Source
Now that Apple no longer supports URI schemes for deep linking, developers must implement Universal Links in order to deep link properly on iOS. If you are already using URI schemes, check out our blog on transitioning to Universal Links.
From: HERE
And HERE is another article on Universal Links and what they are.