I am developing the monetization model for my iOS app and need some help on related technical questions.
Current application workflow is the following: users do some actions which require heavy use of the cloud resources (for which I am paying). These resources are quite expensive so I don't want my users to load them for free. I can imagine two possible options in such situation:
1. The app in AppStore is free and provides very limited functionality, users must buy in-app (auto-renewable subscription in fact) to get access to cloud resources.
2. The app is not free and when users buy the application they get free subscription for the first e.g. 30 days - after that they must pay monthly.
I know how to implement the 1st solution, but there are problems with the second one.
How do I know that the user JUST bought my application (not re-installed it)? Is there a way to do this?
One approach to your 2nd option could be for the app to register the current device with your service upon first launch. If (and when) that device had been registered previously, deny access to cloud functionality. UIDevice's identifierForVendor will be sufficient for the task.
This would still allow the user to use the free month a second time on another device he owns though, or if he switches to a new device.
As an alternative, you could require the user to set up an account with your service, but of course there would be no way to prevent a user from creating multiple accounts.
A combination of both approaches may be able to reduce misuse, but it is unlikely you'd be able to completely suppress such attempts.
If you need to rule misuse out as far as possible, you probably need to stick to your first approach. For your second option you might want to try to factor potential losses from fake accounts / secondary devices into your pricing scheme.
The bottom line answer to your question however is: You can't know for certain if a user has reinstalled your app on a device other than the one he first installed your app on.
Edit:
Turns out I missed the fact that the value returned by identifierForVendor won't persist. Unfortunately, that means you'll either need to stick to your first approach or rely on an account system to which the user needs to register. On second thought that may be the better approach - depending on the kind of content the user will be able to store in the cloud, the user might be reluctant to use several accounts anyway since the data in the cloud is tied to the account. Thus, multiple accounts may actually be a non-issue (just like it is impractical to keep multiple Dropbox accounts).
So the answer to your question is actually: You can't tell if the user is re-installing your app.
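The device-plus-account check discussed in this answer, sketched server-side as an added example (not code from the original post). `TrialLedger`, its method names and the sample identifiers are hypothetical; the device ID is assumed to be the `identifierForVendor` value the app reports at launch.

```python
from datetime import datetime, timedelta, timezone

TRIAL_LENGTH = timedelta(days=30)  # the "first e.g. 30 days" from the question


class TrialLedger:
    """Hypothetical server-side ledger: when did an account or device first start a trial?"""

    def __init__(self):
        self._account_start = {}  # account id -> first trial start
        self._device_start = {}   # reported device id -> first trial start

    def register_launch(self, account_id, device_id, now):
        """Record a launch and return the moment this user's free trial ends.

        The trial is anchored to the earliest start known for EITHER identifier,
        so a reinstall (new device id, same account) or a second account on an
        already-registered device does not reset the clock.
        """
        known = [s for s in (self._account_start.get(account_id),
                             self._device_start.get(device_id)) if s is not None]
        start = min(known) if known else now
        self._account_start[account_id] = start
        self._device_start[device_id] = start
        return start + TRIAL_LENGTH

    def has_trial_access(self, account_id, device_id, now):
        """True while the (possibly inherited) trial window is still open."""
        return now < self.register_launch(account_id, device_id, now)


def demo():
    """Constructed scenario: identifiers and dates are sample values."""
    ledger = TrialLedger()
    day0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    day40 = day0 + timedelta(days=40)
    return {
        "first_launch": ledger.has_trial_access("alice", "idfv-1", day0),
        # Reinstall: the device id changed, but the account is known.
        "reinstall_same_account": ledger.has_trial_access("alice", "idfv-2", day40),
        # Fresh account on a device the ledger has already seen.
        "new_account_known_device": ledger.has_trial_access("alice2", "idfv-2", day40),
        # Fresh account AND fresh device id: looks like a new customer.
        "new_account_new_device": ledger.has_trial_access("bob", "idfv-3", day40),
    }
```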
For security and privacy reasons of our app, we enforce two factor authentication. After the user logs in for the first time, we ask them to set up two factor authentication. App shows them a QR code which can be scanned on any free/paid Authenticator App (e.g. Google Authenticator).
Do you think this should cause trouble for getting the app reviewed/approved in the App Store Review process?
Replying a little bit late as the solution we actively use doesn't appear to be listed.
We have had similar issues with this topic (although our Multi-Factor Authentication System was SMS based).
As we didn't want to bypass our production security mechanisms or re-develop a demonstration mode, we have used a platform that allows assigning temporary virtual phone numbers to users in our apps. The platform is called GetMyMFA.io and it allows us to review and approve our app within 24 hours.
To use it we simply created a user in our production application with a virtual phone number attached which we can enable and disable in real time for the App Store review process. That way Apple simply needs to log in to the platform (with a specific and private username/password) and the SMS MFA login code is displayed on the website.
The objectives of building this platform have been:
Avoid spending time in a security "bypass" (and all the security issues that often come with it)
Avoid building a "demonstration" mode exclusively for Apple
Avoid using public websites with public phone numbers accessible to anyone.
Our App gets approved within 24h with this system and the user can be easily and safely disabled.
I need to develop an App in which the user can pick files from their Dropbox account and initiate a transfer to a public / crowd-sourced server.
This is not a migration of cloud storage, but manually selecting files and transferring them to a server. I have seen apps which help in migration of cloud storage through an automated script. As this is not a migration, the user may not understand what he is actually doing, or the implications of it.
My question is:
Will Apple reject the app when uploaded to the App Store for such an operation?
Will this be violating User privacy, as the user might unintentionally transfer sensitive information to a public cloud / server?
Diagrammatic representation of the operation:
As per Apple's guidelines:
17.1 Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used
So basically, to answer your question
You should provide a proper message to the user of what exactly your app intends to do. Let's say in the form of a cancellable alert.
Without this Apple will surely reject your app.
Secondly, this should not be the necessary condition for your app to work. Meaning that your app should work even if the user refuses to share his images and stuff from Dropbox.
Prior to sharing / uploading, the user should get a view of what is being shared. Without this the application will be rejected. (This is applicable even in the simple Facebook share.)
You can always have a quick look at Apple's privacy policies here
I need to develop an application for a client who later wishes to install this app, customize the iPad wallpaper and some other stuff to suit business needs, and send it to his customers.
The tricky part is I cannot suggest that he distribute this application via Ad Hoc distribution (using a normal account with the 100-device limitation), as he says Apple itself is one of their potential customers.
Enterprise Distribution isn't required, for the reason that his company is not entitled to this developer program.
Now my question is: if I go for the B2B distribution model, the end users are essentially not the ones who will download the application; rather, my client himself will do that and give them the preinstalled application on an iPad.
What options do I have here? Any help or suggestions will be appreciated. I have already gone through the various Volume Purchase Program documentation, but I could not figure out whether B2B distribution exactly matches my requirement or not.
So, let's see if I'm understanding this:
You are making an app for someone else. We'll call you the 'developer'.
Your customer is paying you to build that app. We'll call them the 'publisher'.
The publisher will not be selling to the public, they will instead be installing the app on devices, configuring them and then selling the entire solution (i.e. device and pre-installed app) to their customers (we'll call them 'end users').
Yes? And since one of the publisher's potential end users is Apple, you have a heightened sense of compliance with the rules (which you should be doing anyway).
So in this case, the publisher distributes the app via the B2B model and makes themselves the party it is allowed to be sold to, restricting the availability to those devices. This will require the publisher to create an Apple ID to manage their VPP participation.
Now, that's assuming the end users aren't going to be using these iPads for other functions. If they are, then you'd need to allow those users direct access and perhaps re-figure the business model a bit. That would also allow the end-users to re-install the app if they needed to, etc...
This PDF describes the process in more detail: http://images.apple.com/business/docs/vpp_business_guide_en_20130413.pdf
I work for a company that creates a mobile banking application for iOS. We are now looking for beta testers in the US with Bank of America accounts or AMEX credit cards; we are aware that this is a sensitive subject. Our company's core belief is that sensitive data belongs on the user's device in an encrypted fashion only, and must only be used between the user's device and the bank. Thus we strongly disagree with the idea of using a proxy server as broker between the user's device and the bank. We are now looking for beta testers of our app. This brings me to this question: where should we ask for beta testers for our mobile banking app?
I was in a similar situation some months ago. The solution was: the bank's own employees tested the app. We had some testing accounts, from the bank as well, so we could test ourselves (us devs, plus a tester). Only three accounts were allowed for testing. In such sensitive environments, I would stick with people that are part of the project and can in fact work in real conditions (project manager, product owners, or project's stockholders, from the bank side).
If possible, mock the API first and test against mocked API first, not with real data.
If possible, get a copy of the production environment and test on it before testing on production.
Make sure you have somebody testing the application for security. If very sensitive data is stored on the device, make sure nobody can get the information from a stolen device (jailbreak attack, data is encrypted, encryption keys/password not floating in memory etc, man-in-the-middle attacks between the app and the server, no sensitive data in logs, etc.)
Beta-testers, by definition, should be real users. You can pick them anywhere. However, make sure you have done everything you could before giving the application to them. Especially, make sure the users can't see/modify data of other users. Make sure you, as the developer company, can't see their data. Make sure you can block their access to the app anytime.
The scenario:
My company develops an iOS app for company A. Only employees of company A use this app and it must not appear in the Apple app store. Customer A pays us for developing the app, but the app itself is free.
The problem:
How do we distribute the app and updates to the employees (>100) of company A?
What the perfect solution should look like:
Like distribution through the app store: Company A doesn't need to do anything and the users can acquire/update the app easily and quickly.
Notes
Customer A wants to do as little as possible. They also don't really care about costs.
My ideas so far, please let me know what you think about them
1. My company applies for the iOS Enterprise Developer program (EDP) and puts the app on our own, login-protected website. Customer A doesn't need to do anything and its employees can simply download the app from the website.
2. Like 1., but customer A applies for the iOS EDP
The first method would be perfect, but according to this thread it might be dangerous. Though I highly doubt Apple would press legal charges (Free app, relatively low number of users, companies located outside the USA), I really don't want to take that risk.
Therefore, I'm currently favoring the second method. It might be some effort for Customer A, but it's still convenient for the users and it doesn't violate the EULA as far as I can tell.
My question:
Are there other methods to distribute the app that make sense in this situation?
Especially one that doesn't force our customers through a relatively complicated application process (most of them don't have a DUNS number).
There are several ways to do that. Here are some of them:
1) Fake code sign your app and jailbreak the devices you want to install it on;
2) Create a web app instead of a native app;
3) Use Apple's B2B program;
4) Use enterprise distribution;
In my opinion only your second approach is applicable. In my opinion the company should decide whether they want to have an app or not. And if they have enrolled in the Enterprise Developer Program they can have as many apps as they want.