Does the SDK for Google Analytics uses SSL, and thus would need an encryption approval letter for use in an iPhone app?
In case their is any confusion, Apple does require an export compliance letter for SSL
It appears to be a NO. How did I arrive at this conclusion? first I found that for Google Analytics to use SSL, it has to send all data to the https: version of google's server. See: https://www.sslshopper.com/article-enable-ssl-for-google-analytics.html . Then I found a blog post where someone monitored google analytics' connection(s) through iOS, and it wasn't using https:.
See: Monitor Google Analytics requests on an iPhone Application and http://jordan.broughs.net/archives/2012/07/monitoring-google-analytics-for-ios.
Related
I have successfully implemented Place Autocomplete using GMSAutocompleteViewController in my iOS application. I have made a beta testing using TestFlight in China and realized that it doesn't work there. But domain maps.google.cn is currently unblocked in China which allows Chinese people to use Google Maps. Is there any possibility to configure iOS SDK, so it could work in China?
Thanks!
GMSAutocompleteViewController is a part of Google Places iOS SDK. Places SDK as well as Places API web service requires secure https connection. However, the maps.google.cn domain doesn't support https.
The documentation reads:
Google Maps Platform products are served within China from the domain maps.google.cn. This domain does not support https. When making requests to Google Maps Platform products from China, please replace https://maps.googleapis.com with http://maps.google.cn.
source: https://developers.google.com/maps/faq#china_ws_access
This obstacle makes it impossible to call Places requests from Chinese domain.
You can have a look at https://en.wikipedia.org/wiki/Google_China for some historical background.
I am uploading a build of my app, and apple is asking if it uses encryption. I'm not sure if AdMob or Firebase counted as encryption and if I needed to follow the ERN process. Thank you.
I am not a lawyer, and this is not legal advice.
Based on this article, it sounds like you should.
All communications with Google and Firebase through Google-provided SDKs use the SSL libraries provided by Apple to communicate with their respective services. If you're making requests to AdMob and retrieving ad images, your communicating over an encrypted channel.
I reviewed google privacy policy and it said: "We use encryption to keep your data private when it is moved"
https://policies.google.com/privacy#infosecurity
Firebase:
Data encryption
For the collected end-user data listed on this page, Firebase encrypts the data in transit using HTTPS.
https://firebase.google.com/docs/android/play-data-disclosure
AdMob:
All of the user data collected by Google Mobile Ads SDK is encrypted in transit using the Transport Layer Security (TLS) protocol.
https://developers.google.com/admob/android/play-data-disclosure
I am trying to debug Vine API using Charles debug proxy. I have an IOS version of Vine app running in my device and I have set wifi proxy.
I could debug API calls from all other applications by enabling ssl proxying. But SSL proxying is not working for Vine(api.vine.com) . I tried twitter facebook and flickr apps. I could debug facebook and flickr apis and could see JSON response but for twitter this fails.
As Vine is owned by Twitter, my doubt is if Twitter has implemented some security in their APIs or changed some protocols to ensure that APIs cannot be debugged. If that is the case why facebook has not implemented the same ? Their APIs can be easily debugged.
Please find screenshots attached.
Vine API
Flickr API
Facebook API
Twitter API
UPDATE:Jul 22, 2015
It seems that Twitter is using SSL pinning.
At last I found the reason. Twitter is using SSL pinning in their app to secure their APIs from man in the middle attack. There is a hint about this in their API documentation
More information about pinning can be found here.
You can try to use Frida https://frida.re to disable SSL pinning for any app. Check this: https://codeshare.frida.re/#pcipolloni/universal-android-ssl-pinning-bypass-with-frida/
I am getting ready to launch an iOS App that uses the Google Drive SDK as well as the Dropbox SDK (and other cloud service SDKs). Dropbox has a limit of 100 users, until you apply for production status, where they approve your app and then remove this restriction.
However, as far as I can tell, Google doesn't require this. Am I correct? Is there anything I need to do with Google before submitting my App to the Apple App Store? Also, is anyone familiar with any caps or limits Google Drive may put on accounts using Google Drive?
Thank you!
The limits are based around number of requests, rather than number of users. You can see your default courtesy quota by looking at the details of the Drive API in the developer console: https://console.developers.google.com
At the top of the page there is a link for Quota that shows the current limit, and has a link where you can request more if are approaching that limit.
I'd like to make use of the Google Geocoding Json api (http://maps.google.com/maps/api/geocode/json?address=%#&sensor=false) in my iOS app, but I donĀ“t find if the use of this URL has any restrictions and/or this may be rejected when submitted to App Store.
Thanks in advance
There are some restrictions, read the documentation in particular the Usage Limits and Maps API Terms of Service License Restrictions.
This would not be a problem for the app store. Apple does not restrict what geocode service you can use.
First thing I noticed is you are using Non-secure URL to access google geocode API, which will give no data from Google side.
Second thing, Apple has rollout some guideline during WWDC 2016 to use always secure URL if you want to access it withing from APP please check out the link so there are chances about maybe they found you are using non-secure link to communicate with web service, and your application will be rejected from Apple.
We are using Google GeoCode and reverse Geocode API within Unity using C# HTTPWebRequest class with the Secure link. our app pass out through Apple Review