How does Path app know my phone number in the registration process - ios

I started using Path, and noticed that in the registration process, they identified both my phone number and my email.
As far as I know, there is no way to programmatically get those values (without being rejected by apple), so how does path do it?

Moving my comments into an answer :)
As I've stated above, this is a duplicate of How does Square's CardCase app automatically populate the user's details from the address book?
Because Path asks beforehand for the first and last name it's easy to search for the contact in the address book. Of course one has to handle the case when a) no contact or b) multiple contacts are found. In both this cases I'd probably go with standard input fields, because for the "no contact found" case you need those anyway.
How common it is to have a contact with it's own name I don't know, but according to the Fact that Path and other apps are doing it the same way I suppose it's worth taking the risk :) AFAIK MacOS X automatically creates a contact with my name in the Address Book, but really can't recall if iOS has the same behavior.

Related

Duplicate detection of customers

What are the current algorithms that exist for detecting duplicate accounts by the same costumer?
This would be for customers who are trying to hide the fact that they opened two different accounts. For example, maybe they changed their name to a shorter version or used another email account in their second account.
What kind of algorithm is used for that? Not sure if something like MinHashing is a good idea here.

How bad is it to show Parse object id's to user?

I have a built in QR Code scanner in my iOS app. My backend runs on Parse, and I want the user to be able to pick certain objects on the app and encode their id's into a QR Code and share it around so that users can later scan a QR code, receive the object id's, and query them on the database to later fetch and display them somewhere.
However, what is stopping someone from using a QR scanner outside my app, looking at the object id's encoded into the QR, and messing something up? How bad is it to somehow allow users to see the object id of an entry in your Parse database? Will this heavily compromise security?
I thought about encrypting the object id's but am afraid my app will be rejected by Apple because of not following proper standards. What do you guys suggest?
Short answer: No.
There is no major security risk in giving away object IDs. Unless the 3rd parties had access to your app keys, then there is no way for them to access your data, even if they already knew everything about it. As long as you keep your app keys well hidden, there is no way your users can change anything outwith what you've de
Remember that your object ID's are only unique in the scope of your app (perhaps only even in the scope of that particular class), so when they find the object ID, they don't know if it's your app, my app, or anyone else's app - to them, it is as useful as holding a random set of digits.
The bigger issue I would say is that you cannot set the object IDs, so if for whatever reason that line is deleted, you can reinstate every part of it, but they'll all have different object IDs. This would mean your users running around with meaningless QR codes. Sure you can restore from a backup, but you'll lose any other changes since then. This is why I would never recommend indexing using Object IDs, rather that you create a new column "ID" that can then be changed by you, and then scripting a piece of cloud code logic in the side to ensure it is unique.
Sharing the object ID is not an issue, so long as your app has proper security. Hopefully your app's security does not rely on keeping the object ID secret.
Encryption is fine in iOS apps, so long as you file the proper paperwork. One of my apps uses a very high level of encryption and is available in every country, except France. You just need to file the correct paperwork and it's not that hard to do.

Checking if app name is available

I'm trying to check if a certain app name is available on app store. I've tried it before and used this procedure: Related post
But it seems that they have made some changes to iTunes Connect (iCloud style), and now I'm not able to press "Create", without a bundle ID or SKU...
Has anyone found a workaround?
In terms of the specific name of the app, you can just search for the name on the store and see what comes up. Creating a unique name on the store is usually not difficult. Coming up with a unique name that does not violate anyone's trademark is the real challenge.
There is actually a benefit in making your app name detailed. For example, say you created an app for a concert hall called John's Concert Hall. The app could be named "John's Concert Hall - Tickets for Live Shows in Los Angeles". Your logo on the store and your in-app branding might just say "John's" but you choose the longer name for the store to make your app more searchable on the store. If you have a very strong brand like facebook, you might just name it "facebook" without any additional words. Just to be clear, your logo and branding might be different from what your app is actually called on the store.
You need to have a unique bundle identifier when submitting which is typically uses the app's name.
Just because your app's name is unique on the store does not necessarily mean it is legal for you to use. Your business' name needs to be unique in the business class that it is in per trademark law. So if there is another app named "John's Concerts," one could argue that your app's name creates confusion in the market place (i.e. someone looking for John's Concerts might stumble upon your app instead thinking it was the other app). Even if the owner of the other app does not have a formal trademark, if his app was on the store first he has a common law trademark by default, meaning you could receive a cease and desist letter. Say there was another app out there called "John's" involving music but not live performances. This could be a problem, but it is an unclear area of the law. The more general the class that you share with another app, the more murky it is, so the recommendation is always to make the core brand of the app (regardless of how it is named on the store) as unique as possible to avoid being sued later on. If you share any class with a similarly named app, you run the risk of being sued. A judge might rule in your favor, but you still run the risk of incurring a ton of legal fees.
To ensure your app is unique, the best advice is to run a ton of searches on google and at uspto.gov. A lawyer could charge you $500-$1,000 to do these searches for you and provide you with a book that informs you with all the potential problems for your name out there. No lawyer though will guarantee that your name is safe to use. What you are paying for is their expert opinion on how likely you are to being sued. Leave it to a lawyer to give you a non-answer ;-)
I did some poking at this, and found that the server will still tell you whether an app name is in use. You just have to work a little bit at it.
Go to iTunes Connect's create-an-app page/modal as normal.
Put the name you want to check in the name box, and select any of the language options:
Open Chrome's inspector (or whatever way your browser has to manipulate HTML).
Click the magnifying class icon (top left) and click the greyed-out 'submit' button, or find it manually (inside div.right-buttons). Remove the 'disabled' attribute:
Now click the submit button and find out whether the name is available - it'll be highlighted red (and show a tooltip when editing) if it isn't:

How to ensure unique users registration

I wonder what is the best way to ensure unique users. I will issue a common instruction to 100 people to my website. Once they come to my site, I'll need to allocate them to North south east west region, one after another. I also need to prevent one user from having many accounts. (The user may use another computer / their phone to access)
What is the best way to do this in grails?
There no way to be 100% sure that all users are uniq, btw you if you gather and validate as much details as possible, like:
email (you know), easy to counterfeit btw
cell number (send text message with special code to confirm number), but user can also use a friend number, or buy new one
ask for scan of person ID, and/or
address verification (require scan of bill/other pappers with full user name and address on it, or send a letter to this address with special code to confirm)
Are you controlling who gets the initial instructions, like from a contact list or something? If so could include a "registration key" and only let a particular key register once, or only let those particular email addresses be used to register (once), or even create the users ahead of time and send them the instructions to login.

How does Square's iPhone app programmatically retrieve the user's contact information?

When I install the Square app on a brand-new iPhone, it prepopulates my first name, last name, and e-mail into the signup fields. All I have to type is a password. That's really neat.
How does that work, and how does it know who I am? Is this using a privileged API? There's no programmatic way to get a user's name, AFAIK.
I was actually curious about this too, so I checked it out myself earlier. It's a very clever trick. Here's how it works:
First, Square accesses the name of your iPhone. (This isn't a protected API.)
For most people, the default name of the phone is something along the lines of "Steve Smith's iPhone". A regular expression match is performed, parsing out "Steve Smith".
"Steve Smith" is then searched for in your contact list.
If an entry is found, it brings back the first/last names and the e-mail address for that contact. The signup form is prepopulated accordingly.
If an entry is not found, the signup form will stay blank. Likewise, if the name of your iPhone is something other than the default format -- even if it's just one character off -- the prepopulation mechanism won't fire.
You can prove that this works by changing the name of your iPhone to an arbitrary contact, as in "Dave Wilson's iPhone", and noticing that Dave Wilson's contact info will now be prepopulated.

Resources