Since a few days, users of my android mobile application are getting a warning, because the app is using sensitive data.
My app requests the daily steps count from fitnessAPI to display it.
I have read that I should go through the verification process of the oauth screen.
But I do not really know what data I should put in it. It seems rather "web" oriented, because it asks me a application homepage link, and application privacy policy link.
I do not know what I should put in these fields for a mobile app.
Should I put a link to the google play store page of the application?
Or a link to my website that shows my work?
You need to have a registered domain to host these files
Preparing for verification
Related
I’m a little bit stuck on a subject.. I was developing 2 mobile applications with Flutter, each with an authentication system. I would like to develop the following functionality:
I log on to the "A" application, I save my credentials.
I open the "B" app, I can find the account with which I signed in the "A" app. (For example: On my iphone, if I sign in with my google account to Gmail, I find the same account on all the google apps on my phone).
So I would have to be able to store the passwords & identifiers securely on the phone, and only my 2 applications could have access to this "common" database. I looked at Hive/ SQFLITE, but I don’t think it’s suitable for this kind of functionality to share between 2 apps...
Thank you for your help,
JH
This sounds very similar to Google Account Linking with OAuth-based App Flip:
OAuth-based App Flip Linking (App Flip) allows your users to easily
and quickly link their accounts in your authentication system to their
Google accounts. If your app is installed on your user’s phone when
they initiate the account linking process, they are seamlessly flipped
to your app to obtain user authorization.
This approach provides a faster and easier linking process since the
user does not have to re-enter their username and password to
authenticate; instead, App Flip leverages the credentials from the
user's account on your app. Once a user has linked their Google
account with your app, they can take advantage of any integrations
that you have developed.
That said, you will need to go Android/iOS-specific to solve this on your own, but you can draw a lot of inspiration from the App Flip example code provided by Google!
On Android you will be using Intents that return data to their caller. The idea would be to have the "A" app listen for a custom intent for example using package receive_intent that shows some kind of "Allow B to login with A" screen and returns the credentials like this:
import 'package:receive_intent/receive_intent.dart';
// ...
Future<void> _setActivityResult() async {
// ...
await ReceiveIntent.setResult(kActivityResultOk, data: {"credentials": "abc123"})
}
// ...
Best of luck!
For my app, users are invited by email to join.
Currently, the link in the email is opening the web-browser to a page where the user creates his password. Then, the user has to install the app, open the app, and log in with his email and the password he created.
I am trying to make the process easier. I am thinking that in the invitation email, the link can point to "an app link". I know iOS has "Universal Links". The app will most probably not be installed, so on iOS, it will open the App Store app to install the app.
I am thinking to create the registration process in the app. But the issue is after the user installs and opens the app, the "app link" is lost.
The "App Store" app does not pass the original link to the app when the user opens the app first time after install.
Without the information from the link, I am not able to know in the app the email for which the user needs to create the password. I could ask the user for email also, but I was hoping not having to ask him about that.
I guess it's the same for Android.
Any thoughts how to make sign-up process easier?
EDIT: I chose a correct answer but to anybody who might be looking for an answer, I don't think Firebase or anyone else has a 100% reliable way of making a connection between the device where the link was clicked and the device where the app is installed. All the libraries are using some accuracy value and asks you to check it in code. If you think about it, it makes sense, because when the link is clicked and gets open (and that can be in any web-browser app) the JS code needs to compute some hash of the device and it will try to compare it to the hash of the device computed by the app's code when app is open after install.
You can use Firebase Dynamic Links to achieve this.
Please refer Firebase Dynamic Links
i think you have to use Webview for this
You can do this with Appsflyer SDK.
Checkout the documentation https://www.appsflyer.com/blog/app-installation-referral-conversion-tracking/
I'm currently building an app (android and ios) for which I now need users to be able to login. It must be possible to both sign up regularly (entering username, password, name, mail etc.) and to login through various not yet determined social media such as facebook, twitter, gmail, hotmail.
Now my questions are as follows:
1. Are there any framework's supporting this kind of in-app+social media login scenario ? (I know there is stuff like auth0 but it seems that you don't have that much control with this. As I'm going to save statistics about user navigation and such I think it would be preferable to store all my users in my own db, regardless of their way of logging in. Thus to me it seems like what I need is just an easy way of getting information from these social media and then register users as if they had just signed up regularly am I right ?
2. Anything obvious I'm missing ?
All of these social media sites have their own sdk's that allow you to login users and get certain information from them. So using a website like facebook's sdk you request certain information about the user logging in such as email and first/last name, then save this information in your database including it came from facebook. You will need to also create/encrypt a password for someone coming from a site like this. This is very important, obviously they won't give you access to a user's password but you don't want the user's account on your website to be vulnerable. I would limit the number of ways to login because you will have to program and work with each websites sdk in order to do this. Probably just use your own login and a facebook login to start
Here is a link to facebooks website for developers which gives you access to their sdk's for different platforms https://developers.facebook.com/docs/apis-and-sdks
I am using one of those online application builders to build an android application. But from what i have researched, online application builders are used to build hybrid mobile applications. Since these are HTML files, they use the inApp browser and are rendered in WebView. So, My question is - Is webview/inApp Browser capable of remembering the session information? suppose I have users log into a website by displaying it in a webview. Will the users be still logged in if they visit the website a second time? When I test these applications in an online environment running inside a fully-fledged browser, the application seems to remember the user. I suspect this is because the test environment itself is contained within the browser which stores the session information. So, If a user was to sign into a website on a real device, will he/she be required to sign in every time the user launches an application? or will he/she remain signed in until sign out?
It depends on Which platform you are using to create app. Each online platform carries their own implementation policy.
Android provides Javascript Interface for interaction between javascript code in html and java code.
Is webview/inApp Browser capable of remembering the session information?
Yes,Session can be stored in app itself using javascript interface.
Environment of inApp Browser and External browser is total independent until cookies are used.
If a user was to sign into a website on a real device, will he/she be required to sign in every time the user launches an application?
Depends on implementation. If app is designed to save login session then user will not be asked to sign in again.
Check if the post domain matches the original domain
I had a similar issue that took me forever to debug.
One tip I would give to anyone with the same issue is to check where the form is being posted to.
For instance if you are loading domain.com and the form is posting to www.domain.com your app will be searching for the session data in domain.com but the session info will live in www.domain.com.
Make sure your origin and post domains match up
Took me many hours and many cups of coffee to figure out this seemingly simple issue.
I'm working on LinkedIn ingratiation in my Android app, and I've completed this using simple Webview which will ask for Email and password every time,
what i want to do is getting the Login credential from LinkedIn app (if already installed in device), as in Facebook.
But i'm not able to find any tutorial about it.
Plz help me out.
Thanks
You can not and should not. On Android all apps have a private area to store their data. Unless you have root you can't read another app's data (unless the info is saved to public storage which in this case it is not).
What you should be doing is getting your own authorization by asking the user directly for details and permission and using that. I believe LinkedIn uses OAuth2.0 so look into logging in using that.
You can refer this link:
https://www.studytutorial.in/linkedin-integration-and-login-in-android-tutorial
And also if you are integrating LinkedIn Login in your application, you might face a difficulty that user must have to installed LinkedIn App in his/her mobile. As per the documentaion,
https://developer.linkedin.com/docs/android-sdk
For your reference