I have recently created an app which required certain security majors.
One of which is that we need to stop the dialog coming from Google when a user logs into the app.
The main thing is that password gets saved in google chrome.
When a user comes to app again it shows options for the user to autologin with usernames in a list and adds password automatically so anyone gets access to the phone can log into the app and can steal the data.
Currently, this issue is found in only one One Plus 5 device.
I want to stop this programmatically.
Any help would be appreciated,
Thanks
Update:
Thanks, Flyzzx, because of your reply I searched for android autofill and found out that it was introduced in Oreo to autofill data.
But when on the login screen it detects the username/password combo and prompts you for password save.
The solution to this is:
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
AutofillManager autofillManager = getSystemService(AutofillManager.class);
autofillManager.disableAutofillServices();
editText.setImportantForAutofill(View.IMPORTANT_FOR_AUTOFILL_NO);
}
Here, only autofillManager.disableAutofillServices(); is also sufficient but on some devices, you should also add editText.setImportantForAutofill(View.IMPORTANT_FOR_AUTOFILL_NO); this to work.
You have to do this for all edittexts which you don't want to get auto-filled.
Hope It will help others like me.
Related
Sorry for the ambiguity in the question but it is actually quite a simple one.
When my android Application boots up I initialize AppCenter as follows:
AppCenter.start(
this, BuildConfig.APP_CENTER_SECRET,
Analytics::class.java, Crashes::class.java, Distribute::class.java
)
if(BuildConfig.FLAVOR != ApplicationVariants.ProductFlavors.PRODUCTION){
AppCenter.setLogLevel(Log.VERBOSE)
}
AppCenter.setUserId(UUID.randomUUID().toString())
Distribute.setUpdateTrack(UpdateTrack.PUBLIC)
Distribute.checkForUpdate()
However, when the user logs into the application I would like to set the UserId to the users email as follows once the user logs in:
JwtUtils.getIdentityTokenModel(requireContext())?.let {
AppCenter.setUserId(it.email)
}
Lastly when the user logs out I reset the user Id to a random guid. The reason for this is visibility on which user has which crash logs. This is a requirement from business.
However, in the app center crash logs, it seems the UserId never changes to the email even if an error occurs while the user is logged in.
My question is simple. Is there a restriction on how many times I am allowed to change the AppCenter User Id? I cannot seem to find it anywhere in the docs.
Thanks in advance
Please see these docs about userId API:
The value for the user ID is limited to 256 characters. It will be
shown with your crash reports but not used for aggregation or counts
of affected users. In case you set user ID multiple times, only the
last user ID will be used. You need to set the user ID yourself before
each application launch, because this value isn't stored by the SDK
between launches.
I have an Android app, which the user can link to Spotify, with :
AuthenticationClient.openLoginActivity(getActivity(), SPOTIFY_REQUEST_CODE, request);
The problem is that I want the user to change his Spotify account so I want to logout the user from Spotify to log with another account. But the data of the connection are saved in the cache and when I use this line again :
"AuthenticationClient.openLoginActivity(getActivity(), SPOTIFY_REQUEST_CODE, request);", it does not show the connection dialog because the user is already connected.
In the doc, it says :
"To log out and clear all stored tokens, use the AuthenticationClient#clearCookies method. Both Spotify and Facebook tokens will be removed."
But the method clearCookies does not exist anymore. What can I do to logout the user and allow him to connect on another account ?
I've searched on the net and seems that this code
AuthenticationRequest.Builder builder = new AuthenticationRequest.Builder(CLIENT_ID, type, redirectUri)
.setShowDialog(true)
.setScopes(scopes).build();
took from this post it's your only choice to try to logout a user.
I can't test it, so you should try it yourself and see if works.
The documentation on the Spotify Android SDK is outdated and is not reflecting the new Spotify auth library on GitHub.
Spotify's Android SDK documentation is definitely outdated. My observation is that when you call
AuthorizationClient.clearCookies(context)
directly before starting Spotify's auth activity, it just works fine. But if you call it once and then expect that the user is logged out, when you start the activity later in the future, cached credentials keep messing around.
I do not prefer
builder.setScopes(arrayOf("")).setShowDialog(false).build()
as it shows you a "not you? Click to log out" option. So basically you need to log out on the Spotify UI, cannot do it from code.
In my case, the application saves the logged in user's email (I need that to show on the UI, anyway). When I want to log the user out programmatically, I just delete the saved email from the app and call
clearCookies()
when I start Spotify's Activity if the variable is empty.
A bit late, but you can use this AuthorizationClient.clearCookies(this) as
AuthenticationClient no longer exists
I'm in the final stages of a project (my first project), but I'm stumbling in some points yet.
Like:
I want to ask the user to rate the app and also share it on facebook, but not only this, after I need also check if he/she really did this, and how many stars he/she rated the app.
I found this answer to ask the user to rate the app:
/* inside an activity */
final Uri uri = Uri.parse("market://details?id=" + getApplicationContext().getPackageName());
final Intent rateAppIntent = new Intent(Intent.ACTION_VIEW, uri);
if (getPackageManager().queryIntentActivities(rateAppIntent, 0).size() > 0)
{
startActivity(rateAppIntent);
}
else
{
/* handle your error case: the device has no way to handle market urls */
}
Seems to me a easy way, but how my app wasn't published yet, I have no way to test... And I don't know how it works (and if it works), this show a kind of native dialog? Anyone already did this way? And how I can check if a user really rated the app and how many stars the user gave programmatically? I need this answer to run a code.
And to share I can use a intent, ok, but and then, how I check if the user really shared it?
Any tip or link to any example will be very welcome.
Firstly as far as I know.. It's not possible to check if user have rated your app or not. You can google that to know the reasons. Best approach is to count launches of app by user ( ideally #5 ) then show dialog asking user rate app. You can use this tool https://github.com/delight-im/AppRater
Regarding sharing .. its similar.. Normally it should not be allowed. My favorite approach is to track user posting by injecting user data (hashed) to a link inside the post content and track clicking. You may shorten link. There are many tools to do so such as Bit.ly, use this lib to achieve that on android https://github.com/dextorer/Bitlyzer
I hope that may help,'.
I am trying to set user information to crash reports in crashlytics in Android App, so that it will help me to find out which of our users experienced a given crash. I have explored and found there are 3 APIs can set user information in crash report.
Those are,
void Crashlytics.setUserIdentifier(String identifier);
void Crashlytics.setUserName(String name);
void Crashlytics.setUserEmail(String email);
It is recommended to use all the APIs. All documented at http://support.crashlytics.com/knowledgebase/articles/120548-how-do-i-set-user-information-
But I have no idea,
1. How to get user-identifier, name and email details, which are input to those APIs?
2. Which place in program to call these crashlytics APIs?
Please share some ideas, how to implement this.
Regards
Annada
Looks like detail UI in Fabric has been changed.
Select one of crash issue.
Click Version in Recently Activity
On detail page top right hand corner, you should see affected user information.
If your application uses some form of user identification (i.e. login, email, phone, device specific id) you can use that as crashlitics user information. I suppose you can generate user id when your app is first launched and save it in shared preferences, for example. It'll be shown at top-right corner of detailed crash view.
i.e. I set ID and name as soon as user authenticates in my app.
You typically want to set them as soon as possible (as your data arrives) and all info has been initialized.
For new Firebase api
FirebaseCrashlytics.getInstance().setUserId("12345")
For More
Customize your Firebase Crashlytics crash reports
I'm building an app that is going to be used as a kiosk, with multitudes of people using the same device to log into facebook. I'm clearing the web browser cache which prevents the users from being auto saved and logged in, but the part that I'm unable to figure out is how to keep it from offering username hints in the username box, for users that have logged in via the app. Is there some way to keep it from memorizing usernames and/or displaying the hint in the username input?
TIA
Yep, had much of the same problem myself!
In FbDialog of the facebook sdk(or your implementation):
protected void setUpWebView(int margin) {
...
mWebView.getSettings().setSavePassword(false);
mWebView.getSettings().setSaveFormData(false);
...
}
You should probably already have the .setSavePassword(false) part if your using the latest sdk. (If not, you should definitely add it, there was a big security flaw in fb dialogs)