Let sites know they were visited from WebView inside iOS App - ios

I'm trying to figure out the best way I can inform analytics trackers that the page view is coming from my app, rather than a 'direct visit' (for example).
I have an app that displays a list view of tons of different news stories, and I want to make it so that, when a user taps on one of the stories, and it is displayed in my UIWebView, the website being loaded is somehow informed that the referral came from 'example-iphone-app', or maybe my iPhone app's website?
Is there any way to manipulate the http request to make the iPhone app act as if the link is being opened by a referral link on my website?
I was originally thinking of just adding a query string with a parameter like ?source=myappname, but realized this is not a reliable (or even useful) way of alerting site owners with Google Analytics, SiteMeter, Urchin, etc. from where the request has come.

If you're using Google Analytics then you can set the utm_source and utm_medium query parameters and they will be displayed as the referral source. utm_source is where you would put your myappname parameter and utm_medium should probably be set to referral unless you are charging per click then it is usually set to cpc.

Related

Messenger bot, safety of parsing user ID to a webview URL as a parameter

I'm currently building a food ordering Messenger bot that uses an extension for the menu, as it is a much faster way to browse and select in the restaurant menu rather than using carousel or lists and repeated questions about the quantity.
However, using extensions currently limits the use to mobile users. An extension is used(rather than a plain web-view) to get the user messenger id to determine which user is making the order. An idea came across my mind to switch to a regular web-view to allow desktop users to use the bot, as currently the messenger opens the web-views in a frame rather than in a new tab, but this means that the only way to determine which user is ordering is to pass the user ID (bot`s database user table ID, not the messenger ID) as a URL parameter for the menu.
My question is, how safe and is it even a good idea to do so?
This would depend on how sensitive the user ID is. If the API that accesses your database is properly secured, then it should not be a problem, since no personally identifiable information can be extracted with just the user ID.
If you wanted to be really safe and not expose the user ID from the database at all, you could store the PSID from Messenger in the user db record, then send and do a look up on that instead.
So, I guess the short answer is, it's as secure or insecure as anything you would pass around over HTTP, since the webview in Messenger is a plain webview.
First, although this may have been different when you posted your question, Messenger Extensions now absolutely do work on the desktop versions of Messenger (both when using messenger.com directly from the desktop, as well as when using the version of Messenger embedded within facebook.com). That said, I would recommend using the Content-Security-Policy directive to allow both messenger.com and facebook.com to display your webview as a frame within the browser, rather than the X-Frame-Options recommended by Facebook at https://developers.facebook.com/docs/messenger-platform/webview/extensions#webview_on_web . X-Frame-Options forces you to choose a single domain (messenger.com or facebook.com) to allow your webview to appear on, whereas with Content-Security-Policy you can allow both.
Second, it's worth pointing out that even if using Messenger Extensions, if you're not validating the incoming data using signed_request, then anyone can spoof an order acting as that user. The instructions at https://developers.facebook.com/docs/messenger-platform/webview/context#signed describe how to validate incoming info from getContext() to ensure that the information really did come from Messenger.

Need to open web page within telegram bot chat -- big picture

Building my first telegram bot and it's going to be quite complex.
Part of workflow needs to open a webview within telegram that will require user interaction, return to bot chat altering chat with data received from user.
Reading through the entire api, SO, github, I'm having trouble finding anything about the viewing webpages, much less if we can interact. Before I get deep into this project it would be awesome to have some starting direction.
Can you create web views (like you see for "instant view" articles, google maps, etc), and if so can you get data from user to use back at the chat bot?
Another option is possibly using a "game". In our case, it won't be a conventional game, but maybe we could use the html5 game to render what we need, and interact with the user. I know it can pull scores, names, etc to update message, maybe we could somehow make this work?
I'm currently working through the api. This is one of my first apps, and my first telegram bot. I really appreciate any assistance on how to get started here.
This is in Rails, using https://github.com/telegram-bot-rb/telegram_bot_app as a starter. Mostly needing to know if this concept it possible, but anything more specific would be great, too. Thanks!
You can't create web view with the bot API and you don't need to do that. You can simply link to a web page using simple links or inline buttons and the page will open in Telegram's inline browser (Depending on user's settings).
If you include the user ID in the URL you will know who is using the webpage. e.g example.com?uid=1234
Now that you know who is using the webpage, you can use the ID to send messages or anything else in Telegram chat while user is on the webpage.
At the end you can redirect the user back to your bot URL (telegram.me/botusername).
Update
You can now use Seamless Telegram Login to link to a web page and log in the user. This feature can also be used in groups
Try the new Telegram Web App API
It can open a web page on the bottom sheet, which you can expand almost to the full screen.
You can configure the web app open button by following these steps:
Open BotFather
Type /mybots, select your bot
Click Bot Settings > Menu Button
Set up a menu button that opens a certain URL

Branch.io Generate the link at web end and then retrieve in app

Looking to integrate the branch.io in such a way that the admin gets the deep link at web end where he adds the content. And then he manually post the link to some social media say Twitter,Facebook etc. then user clicks on that link and it will take the user to app or app store.
Is it possible, please guide how to handle this. I am quite confused about branch.io. As far i understood branch.io creates the link send via sms and user clicks and gets redirected to app or app store. Is my requirement valid? How to achieve this please guide. Already spent more than a half day on it.
(Full disclosure: I am on the Branch.io team)
This is actually a very common Branch use case, so it's fairly straight forward to implement.
1. Sign up for Branch
Easy step!
2. Integrate the SDK into your app
This is a fairly simple process that should take less than half an hour, and the latest step-by-step docs for doing this are always at the link above. I won't include the full instructions in this answer because Apple creates new roadblocks fairly regularly, and we often have to make small tweaks to the guide.
After you complete this step, any time a user opens a Branch link associated with your app, either your app will launch (if installed) or that user will be sent to the App Store page to download it.
3. Create your marketing link
The link above takes you to the Branch dashboard. From that page, you can create a new Marketing Link, and use the Deep Link Data section to specify a key/value pair. For example, you can set a key of content and assign it the value mycustomvalue:
When your app launches after a user opens this link, the content : mycustomvalue pair will be magically returned to you.
4. Configure Deep Link Routing and Universal Links.
These methods are what actually call back to the Branch API every time your app opens, returning the content : mycustomvalue pair that you encoded in the link. You can do whatever you like with these values, but here are two common approaches:
Route the user to the content that you specify corresponds to mycustomvalue.
Use the values directly to display something customized (for example, if you encoded content : You've been sent a special invitation!
5. Share the link wherever you like!
The link you created can be put anywhere. Email, Twitter, Facebook, paid Google Ads, etc.

Deferred Deep Linking in iOS

We're trying to implement deferred deep linking in one of our iOS applications to encourage users to invite their friends to use the app, and reward users based on how many installs occur from their referral link. Basically similar to TapStream's product.
Consider this example:
So, UserA shares their link, “ourappURL.com/refer?id=userA”, on any
network they want. UserB clicks that link, which will take them to
Safari and then bounce them to the App Store page where UserB
downloads the app.
When UserB opens the app, the app checks which referral ID they came
in on (if any). In this example, the referral ID would be “userA” as
that’s the ID that was in the referral link. The app then sends this to
our servers and we award UserA with a referral credit.
I'm trying to break this issue down into its core parts. I believe the first part is getting the web page for the user's referral link to save the referral ID to the device somewhere that the app can access it. But I'm not sure this is possible because of the sandboxed nature of iOS.
I know this is fundamentally possible because many ad providers offer the ability to track installations from an ad campaign (see Mobile App Tracking for example).
We have also attempted to do this ourselves and I will try to break down the different steps here.
Going back to your example, you are correct about "remembering" the device identification, and all relevant data "id=userA". You are also correct about "sandboxed nature of iOS" which I presume it means a web page is not allowed to store information outside of the browser app (Safari) and apps (your app) are not able to access information stored by other apps (Safari).
Our solution to this is to store this device to data key-value pair in an environment that is both accessible by the browser as well as by your app, i.e. your backend server.
The next challenge, which remains to be the biggest challenge, is how to uniquely identify this device from the information collectable from the browser? Javascripts in browsers, unlike native apps, don't have access to IDFAs which could be used to uniquely identify a iOS device. To overcome this, one can imagine to use a combination of common information that is available both to the browser app as well to your native app, i.e. OS type, public IP, screen size, etc. etc. Please note, a composite key from these data fields does not guarantee uniqueness (imagine two iPhone 6 visiting this web page via the same router). Therefore, your backend server (assuming you are using it to store this key-value pair), will want to have a strategy on how to handle collisions on keys i.e. the second key deletes the first key, or you allow collision to exist by having a queue of values for a single key. This really depends on how you actual plan to use this technology.
The last step is to form this composite key on your app using the exact same fields you used earlier in the browser to perform a "lookup" on your backend server to retrieve the value previously stored.
Here is a summary of the steps:
User 1 invites User 2 by sending the following link to 2: example.com?inviter=1
User 2 visit Web Page P
P constructs and sends the following key-value pair to your server S iOS|55.55.55.55|750×1334 -> inviter_id=1
User 2 goes to the app store and downloads your App A
User 2 first launches A, A contacts S with the same key (assuming the IP hasn't changed).
S finds the value inviter_id=1 by using this key passed in and, let's say, reward User 1 five points for inviting 2.
Hope this help!
Edit 04/24:
Since Derrick mentioned it in the comments, I figure I would take this chance to finish our story here.
Going back to the beginning of my answer where I mentioned we've attempted to do this ourselves. We had a working prototype based on our current system architecture (which is not in anyway optimized, or meant to be optimized, for storing and analyzing deep link data like this), we ultimately decided not to allocate any additional engineering resource into this project.
Due to the heuristic nature of this matching process, we found this project needing debugging, tuning and optimizing constantly for a diminishing ROI. More importantly, we have found other companies which are more specialized and do a much better job than ourselves.
It has been probably 6 months since we stopped using our internal system and we haven't regretted making such decision.
During this processes, we've worked with a number of vendors, Appsflyer, Adjust, TapStream and we have ultimately ended up with Branch Metrics https://branch.io.
Whether you should DIY or work with another company again depends on your specific objective. We finally decided to stay with Branch, not only because the other vendors charged anywhere from $500 to thousands of dollars per month while Branch is completely free, but also the level of the support they have provided is simply unparalleled.
We've successfully used the clipboard (NSPasteboard) to achieve this: the web page that processes the redirect to the app store does a paste to the mobile device's clipboard before letting the user download the app. Once the app is installed, it uses NSPasteboard on first launch to check for an appropriately coded string. This string can contain the text of interest or, more securely, a token used to fetch interesting data from the backend. In Objective C:
UIPasteboard *pasteboard = [UIPasteboard generalPasteboard];
NSString *pasteboardString = pasteboard.string;
The clipboard can be cleared once the app is done with it, to avoid repeating the same action.
There is a good solution here: http://blogs.innovationm.com/deferred-deep-linking-in-ios-with-universal-link/
Basic workflow:
User selects domain link on web.
Link sets referral ID to cookie.
User redirected to app store.
On app launch, load referral page in SFSafariViewController.
Referral page checks for cookie and if it exists calls a deeplink into the app with the referral ID.
My answer from HERE
Apple no longer supports Deep Links. It is now called Universal Links and works a bit differently.
Source
Now that Apple no longer supports URI schemes for deep linking, developers must implement Universal Links in order to deep link properly on iOS. If you are already using URI schemes, check out our blog on transitioning to Universal Links.
From: HERE
And HERE is another article on Universal Links and what they are.

Facebook Social Discovery - programmatic post to specific user's wall?

How do I trigger a programmatic post to a specific person's Facebook wall so that it looks like this (but replace GO TRY IT ON with my app):
I do not want this to be a generic post to the world. I want this targeted to the specific user's wall whom I specify. I want to include a specific message. I already have social discovery for my app enabled (meaning that I can see my app when I search facebook on my iPhone, and I see it in my list of apps such that I can tap the row and launch my app from facebook).
Looks like you want to familiarize yourself with the concept of the Open Graph -> https://developers.facebook.com/docs/opengraph/
product is obviously an object defined in that apps open graph settings, and suggesting is an action that can be undertaken with products.
So what you've shown us in this picture is not a normal post, it's the publication message of an Open Graph action.
But I'm not aware of any simple way to make this publication visible only to one user. The general visibility is set by the user in the auth dialog for your app. I don't know if there's a way to further restrict visibility for a single action publication, maybe by dynamically creating a friendlist with only that one user in it or something …

Resources