I need to fill data safety form in google play console. I have few doubts.
Name and email
Usually in android phones, the user logs in with a gmail id before starting to use the phone. This gmail id can be requested by the app like a permissions alert dialog. Now my doubt is, I am getting user's email id not like this but as a form submission. User types his email id. Now what should I mention in the data safety from. Should I mention as collecting or not collecting.
Location
Another similar doubt. I am not getting location using permissions. But the user types his zip code/pincode when adding his address. Should I mention collecting or not collecting.
Thank you in advance. If anyone needs more details, mention in comments and I will add it.
I think you can state both as collecting.
According to User Data
You must be transparent in how you handle user data (e.g., information collected from or about a user, including device information)
is going to be as data collection about the user.
Related
The below error is encountered when an app APK update is pushed to google play developer console. The have rejected the app update because of this. The app does not send out any information and is completely offline.
It uses google location API for getting and storing approximate location (stored only in device and not transmitted anywhere outside)
It uses a send log functionality for any crashes manually. User is given a choice to send an email and the crash log is attached with the email to developer. This is also not automatic and is controlled by user.
No data is sent from the app to external APIs or systems and the app is completely offline.
Can anyone point me in the right direction on what needs to be done so that the google data safety won't trigger this issue?
If you have already submitted Data Safety Form. I suggest to review your Data safety Form & Try updating answers for every cases mentioned in the issue reported by Google Play Policies
If you are passing data to any analytics platform from your app using their APIs.
Select Yes in this section:
If your app is offline & you are collecting any data from User,
Make sure you tick all the details collected by you in app from the User.
For Example: If you are colecting/sharing Name,Age & Email Address of your User. You need to tick mark all the checkboxes shown under Data Safety Form > Data Types > Personal Details Section
Hope it will help you!
Im working on a project where a user isn´t forced to sign up a account.
My plan is that a user could do anything like a user that is registered except for a few exceptions.
I implement a like function which saves the users behaviour on a webserver and later when the data is fetched again it recognized if the user liked something or not. My problem is that I have to save this informations also if the user isn´t registered to my application. A User should be free to decide wheter the user likes to sign up or not and isn´t forced to be a registered user.
I found three different way that could work!
1. Option
First option would be the accountmanager but I don´t like this option at all cause I have to ask for the contact permission and also ask which account a user want to use.
2. Option
A other option would be if a user starts the app for the very first time the app would call a server which creates a random unique code and send that code to my application to save it as key for the users actions which is saved on a server. But that also doesn´t seems to be a good solution for my problem.
3. Option
The last option would be oauth but for now I don´t know if and how it would be the solution to my problem!
I would be thankful for every answer!
I have worked on a comic app that requires saving the user subscribed channels, genre or comics and save the likes/dislikes for the same. User can be subscribed to push notification too.
For this, we used Firebase Authentication (anonymous signup). And to save the user subscription information, we used Firebase Firestore.
And followed the below approach.
As soon as the app opens, check if the user has already anonymous SignIn. If it hasn't, signUp silently.
Add a listener for user push notification token change. And update it to Firestore by anonymous user-id as key (We did same for storing other information too).
I think this approach would help to solve this problem.
You could use firebase auth for that!
Usually, you would use it with email & password or google login but it also has an anonymous login feature that should save the user's phone.
There are few techniques. It depends on whether you want to recognise a user between installations of app. If you are OK to lose a user on reinstallation you can use Firebase installation ID and link users behaviour with this id. If you want to remember users even between installations you can use unique to each combination of app-signing key, user, and device Secure.ANDROID_ID(more info about ids). But still the best way is implementing your own signing in or using of AccountManager.
I got my Android Application to successfully pull the user's profile via Google People API to get the Person object. I am also successful in grabbing the user's birthday and gender from that object. Though after testing with my own Gmail and switching my account's gender and/or birthday to private, I was getting no response back from the API calls.
I am wondering if there is any way to be able to pull this information even if the user sets it to private? If I do a verification submission to Google of my application with the request scope of https://www.googleapis.com/auth/userinfo.profile to get the user's profile, will there be an option to request to be able to read private data as well if it gets approved? Or am I out of luck getting the privately set data for the user? (This is mainly just to help the user not have to worry about additional screens for entering in data).
You can get it by requesting non-public profile scopes.
More information here : https://developers.google.com/people/v1/how-tos/authorizing#profile-scopes
I am working with Cloud Firestore and I came to the question on the top. I will set you an example
The user installs the app and log's in with Google. I save the log-in information in the device storage so the user does not have to log in every time. It is also stored in Firestore with a generated ID.
The user plays with the app and one day uninstalls it. This erases the log-in information in the async storage, losing the generated ID that granted him access to the app.
One day he decides to install it again, let's say in another device to make it harder. He had various information in his profile or maybe an active payment plan he forgot to delete and he wants to do it now. He clicks on google log in since it was how he did it, but now the profile information is gone because another account was created with another generated ID.
How to avoid this? I want the app to remember the user account in some way. The user account would be stored in my Firestore.
According to the docs:
For Android and iOS, offline persistence is enabled by default.
Meaning that by default, Firestore creates a locate copy of the database on the client's device.
User installs app and log's in with Google.
So I assume you have already implemented Firebase authentication with Google.
It is also stored in Firestore with a generated ID.
Without seeing that "generated ID", it's hard to say if it's the correct ID or not. The idea behind this authentication is to sign-in your users with Firebase, no matter what the provider is. Furthermore, if you want to save user data in Firestore, store it into a document whose id is the user ID that comes from the authentication process. In this way, doesn't matter what the provider is, you'll always store the data under a document whose key will never change.
User plays with the app and one day uninstalls it. This erases the log-in information in the async storage, losing the generated ID that granted him access to the app.
It's true that if the user uninstalls the app, all the cache is wiped out from the storage, including the log-in information. That being said, bear in mind that you should never store such information on the disk. When using Firebase authentication, there is no log-in information that needs to be stored. If you didn't still implement it, I recommend you start with the docs.
One day he decides to install it again, let's say in another device to make it harder. He had various information in his profile or maybe an active payment plan he forgot to delete and he wants to do it now. He clicks on google log in since it was how he did it, but now the profile information is gone because another account was created with another generated ID.
This is only happening if you are using a type of ID other than the one explained above. If you had used the ID that comes from the authentication process, the second time the user tries to sing-in, even if using a different device, he'll be recognized as the same user with the same data. In this way, the user will be able to access the same document with the same data and recreate the local cache.
Im not sure in which framework you are working in to create the app, but firebase sdk has sign in along with create user with email & password. Needed data could be saved to user's document on Firestore.
I'm developing an Android app which needs to be able to manage the user list. Problem is, Firebase doesn't seem to offer much support for this kind of scenario, as opposed to social apps where users are self-registering and managing their own accounts. I could create users in the Firebase console, but this is not enough.
The users are to be registered by email and password, some users must have admin permissions and be allowed to edit the user list, I can enforce this using security rules. However, the users listed in the Firebase console don't have any place to put extra information for the permissions, so this info must go in the main database. Editing the database tree in console is not reasonable, hence this must be done in the app.
First problem is, there is no way to get the user list from the app. As a workaround, I can create users only in the app using createUserWithEmailAndPassword() function. Then, I can save the extra user info in the main database, keeping them in sync.
Minor problems aside (such as newly created user getting automatically signed in, signing out the admin user), the function starts to fail and the error logs indicate "TOO_MANY_ATTEMPTS_TRY_LATER". This is not acceptable.
Any suggestions will be appreciated. Thank you.
The users are to be registered by email and password, some users must
have admin permissions and be allowed to edit the user list, I can
enforce this using security rules. However, the users listed in the
Firebase console don't have any place to put extra information for the
permissions, so this info must go in the main database
You should a separate worflow for admins which would add the admin UID to a DB node "admins".
Then whenever you need to check if your user is an admin using rules you can uses something like
".write": "root.child('admins/'+$user_id).exists()"
Creating and login in other users seems pretty unintuitive to me, I would suggest using dynamic links for invites and let the invited users, install the app, create their own users and sign in themselves. You can then use the dynamic link info to see whoever invited them and act accordingly.