webtends - How to test its working - ios

I have been given a webtrends DCSID number that is liked with my clients webtrends account.
However I have not been given access to the clients account, so I have no way of verifying if the reporting is working.
Is there a way to verify if it is working, e.g. setting up a trial account to test on?
The target is an iPhone app

You can also download an HTTP monitoring tool that will show you everything that is sent to Webtrends when the tag fires. It won't show you what the reports will look like, but testing the tag should really be the first step in any tagging implementation. If the tagging doesn't work as expected, the reports won't work either. :)
Standalone tools: Fiddler (free) or HttpWatch (basic or paid). Firefox Add-on: HTTPfox (free).
To test how the tag fires from an iPhone, you will need to either use a User Agent switcher/spoofer in your desktop browser, or use an actual iPhone and monitor the traffic using Fiddler—here are instructions. Once you install one of these, look for the hits to http(s)://statse.webtrendslive.com/[the client's DCSID]/dcs.gif?etcetera

You can go to https://tagbuilder.webtrends.com and generate the needed files for tracking, e.g. an empty html page and the javascript. If possible, upload both to a test webspace and access the page. Type into the addressbar
javascript:dcsDebug();
and a small popup will appear. You will now see all informations collected by the javascript and what would be send to the SDC server.
If needed, ask your customer to send you the logfiles of the SDC and compare the logs with your activity.

Related

How do I implement deferred deep linking in an iOS app?

I want to implement deferred deep linking in my iOS app as a means of tracking referrals. When a user of my app wants to refer a friend, I'll generate a URL that has a unique referral code. When the other person receives the link and opens it, I want it to take them to my app's page in the App Store. Then if they install my app, when it first opens, I need a way for it to read the referral code from the original URL.
I've found may pages about deferred deep linking on the web but none that really explain how to do it. Instead, these pages all end up telling you to install some third-party code or use some commercial service. This isn't what I'm after. I want to learn how to do this myself.
There are lots of old pages out there that recommend convoluted and error-prone solutions, like tracking the user's IP address, putting the referral code into the clipboard, or somehow obtaining it from a cookie in a web view. I don't think these are the correct solutions to be using in 2022.
If anyone can recommend the appropriate resource, I'd appreciate it.
If it is the case that Apple simply doesn't want us to do this and doesn't provide any support for it, then I'd like to know that too. I was under the impression that they did, but maybe I'm wrong.
Thanks,
Frank
Apple's Universal Links allow for this (would understand the difference between the typical URL Scheme and Universal Links as threshold). This assumes you're willing to do some lifting server-side along with other hurdles on the iOS side, largely administrative.
A benefit of Universal Links and the server-side work is that you're provided a fallback webpage if a user does not have the app installed. Since the app should open if downloaded, you could typically just redirect to the app store from this URL. In this case, though, before any redirects, you could execute an operation to decode the unique params passed in the URL and persist it in a remote data store. The data encoded needs to be required and verifiably unique during your registration -- email seems ideal.
If that's feasible, your standard registration flow could require email verification with a link to the app as a mandatory entry point (think slack magic link). When the user submits his/her email to verify, you could first check that email against your data store to see if it maps to any previously decoded referrals saved from the flow above. If so, you could generate a unique link for this email to your app with params that will direct the deferred/deep link.
The good news is, I found a solution. I could construct a web page that redirects the user to the app store, but before doing so, copies some text into their clipboard (without telling them or asking them to do anything). Then later if they install my app I can get the text by pasting from the clipboard. I tested this idea and it works.
The bad news is, starting with iOS 16, Apple now asks you for permission to paste. So if you try to do this, your user will launch your app and immediately get promoted with a message asking them to allow a paste from Safari. I expect most users will deny the request and just the fact that they saw it will erode their trust in the app (I know I wouldn't trust an app that tried consume my clipboard without a direct command from me).

Firebase insecurity/public endpoints with iOS app

I've frequently heard that the main issue we need Firebase security rules is because an application contains all the configurations needed to connect to the database and thus users could do something like db.delete('*'), read/write whatever they want, etc. etc.
I can see how this is possible on a web app, as you could check out the requests being sent over the network and thus get the endpoint needed to connect to the database, but, on an iOS app, how would this be possible?
For instance, say I created some chat app with Firebase and released it to the App Store. When a user downloads it, how would he/she gain access to my database through an API other than the buttons etc I provide with them with? Is there something equivalent to the "Network" section in google chrome that shows all outgoing requests, and, from, this they could send a malicious request to my database? Would this require installing 3rd party software onto their device to see all outgoing/incoming requests and they could get the required endpoint/database connection info from there?
Thanks.
When a user downloads it, how would he/she gain access to my database through an API other than the buttons etc I provide with them with?
It's not hard to reverse engineer the contents of the IPA file to get both the configuration you provided, and also see what the code is that queries the database. The IPA file can be obtained pretty easily - there is not much protecting that, given the user effectively has full control over the device (e.g. jailbreak). Given that information, it's possible to simply invoke the public Firestore REST API to not just duplicate all the operations in the app, and but invent operations of their own.

How to get logs from remote device

Our iOS app has a subtle bug which is 100% reproducible on one of the team members’ device.
He is not a programmer, so he does not use XCode.
To investigate the bug, I plan to make a custom build with logging, ask him to launch it and reproduce the bug.
The question is where to write logs to and how to get them from his device with minimal friction.
I believe that logs must be written to some local file on iPhone, and then he send me this file say by email.
Are there any ideas how to make this sharing clear and easy for a non-programmer?
Little clarification:
In my concrete case I need to log a couple of (rather long) base64-encoded string.
The better way for your scenario is use slack, telegram or any chat application. Then instead log to the files, you can send log to a channel directly.
https://core.telegram.org/bots/api
https://api.slack.com/messaging/webhooks
In our applications, we write the log to the files, then server side supports the api to upload these files.

iOS 6.1.2 forever caching redirect content

I've got (actually my employer has) a mobile website that enables Safari integration (for iPhones and iPads) - meaning that customers can bookmark it to their home screen and then it would behave as a standalone web app (no address bar, custom icon, start-up image etc).
It works all right except that one week ago (coincidentally soon after apple has released iOS 6.1.2) some of our customers (6 of them initially) complained that they no longer get the normal content but a '404 page' of a public wifi provider (The Cloud owned by Sky here in the UK). After a bit of investigation we've figured that at some point those customers connected to the Cloud wifi without actually logging in (it's one of those providers that would redirect you to a login page to enter your credentials, after which you can carry on browsing). The thing is that even after switching back to their private wifi or mobile data connection the application would display the Cloud's page.
This only happens (as far as I can tell) when the application is launched via the bookmark (I couldn't see this behavior when using it from safari).
What happens is that the customers would connect to the cloud wifi (without logging in), they would open the application at which point the router will issue a redirect response to their login page; the application would cache the login page and it will always display it whenever using the bookmark again. (I've performed a capture when this happens and there are no requests being made at start-up whatsoever).
Even weirder, in this situation, if removing the existing bookmark and adding a new one will show you the same cached page (with the whole operation being performed away from the Cloud). We've fixed this by adding a unique identifier to the URL each time we hit the bookmark screen (this indicates that the web apps' sandboxes are linked to the url, which is to be expected).
What we're trying to achieve is to have the application properly recovering after the customer has moved away from the Cloud. But there doesn't seem to be a straight forward way to do this.
Furthermore there's a level of inconsistency in all of this - most of the times when the flow is performed I will see a 404 page (a custom 404 page https://service.thecloud.net/service-platform), but sometimes I would be properly redirected to the login page, in which case the application would not break.
My assumption is that there is a weird race condition in the standalone web app application model causing the browser not to properly handle redirects (and actually caching 404 pages). I've raised a support incident with Apple (which eventually turned into a bug report) but it might take a while and I'm trying my best to figure out a workaround.
Any ideas, maybe someone has seen this before?
The issue is aggravated by the fact that I need to have a 5 minutes walk ever time I'm testing any fixes; I've tried creating simple test forms, but I wasn't able to reproduce the issue, where as with the full app I can do it pretty much every time.
Here's a summary of the steps to reproduce:
Via private wifi (or mobile data connection) add a bookmark to a website (I've managed to reproduce it with quite a couple of apps that support safari integration as described above)
Open the application to review the normal content
Connect to a Cloud hotspot and open the application from the bookmark (open-close it for a couple of times if you don't get the 404 right away)
Connect to the private wifi (or mobile data connection) and open the application via the bookmark -> you'll see the same 404 page again
In the end the fix was to add a unique query string parameter with the initial page request (pretty easy with the setup we already had, via the launcher page). I've filed a bug report with Apple which they've acknowledged by linking it to a previous item. Here's a post on the topic:
http://blog.onos.ro/ios-6.1.2-caching-issue

NotesUIDocument and NotesDocument Send - one works, one doesn't but, never both

I am working with a calendar and scheduling application. The requirements are to work in Notes and on Blackberry devices. Currently when I do a send using a NotesDocument, it works fine for the first meeting send on all. However, if you update the meeting, it only sends a correct message to the Notes client. The Blackberry will receive a rich text only e-mail. All MIMEs are correct in sending as well.
Changing this to send using NotesUIDocument will work fine for all instances on the Blackberry but, in Notes gives the error:
Part or all of this meeting is already on your calendar. You must decline those entries first before processing this notice.
I'm kind of at a loss here because what works in one won't work in the other. I am using Notes 8.5.1 and BES 5.0.2. Any help is really appreciated.
Have you considered using a MailOptions field (computed to itself and set via code) to control a send on UI save? That's how mailing works reliably with web apps -- it seems to invoke some voodoo to which I am not privy to add all of the jots and tittles to the right messages to the right parts of the system.

Resources