We are working on a restricted Banking iOS/Android App and before integrating Fabric.io to our app we need to know what data will be sent to Fabric cloud
Our two main concerns are :
What is the data that will be sent to Fabric servers?
Is there a possibility that it can send any sensitive data like
accessKey/username/password etc.
Does it have access to all the codes in our app?
Mike from Fabric here. We collect just the minimum amount of data to provide you with high quality crash reporting. Many apps from the banking and financial industries use Crashlytics without any issue.
1) Take a look here where another individual has asked the question.
2) No, unless you choose to record this information using custom keys or logs. I strongly recommend never logging this information.
3) We do not have access to any source code. A dSYM on iOS or mapping file on Android is uploaded in order for us to map back from the un-symbolicated crash report to an accurate crash.
As you know, Fabric is an analytical tool that mainly sends crashes and events to its server. You can define events that you want to send. It doesn't access to your secret data
Related
We are developing Native Mobile Application : Android platform, Ios Platform (Swift).
Instead of asking user to download and install https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_IN mobile app and then generate a QR code in our application to be scanned by this app, we are willing to do it api way. Means We want to call Google Authenticator API pass it QR image, secret and user is registered
Is this Ok and possible. Any one using it please suggest.
I'm not going to say that this is impossible, but integrating Google Authenticator would be a nightmare, and likely wouldn't do what you're expecting it to do. Allow me to explain.
Problem #1
For each instance of the app, you'll have to have a Unique Identifier to pair it to Google's Authenticator. In other words, you'll need to generate a new QR code for each device, pass that off to the system (Which doesn't exist without the app.) to pair the application. This is going to require a "Log-In" to properly store.
Check out this for a possible work-around to Problem #1: https://authenticatorapi.com/
Problem #2
If you're already logging in and the device is already being authenticated, what purpose does the Google Authenticator provide? Well, I'm assuming it allows you to prevent unauthorized access, possibly prevent more than one device. There are infinitely easier ways to manage this, location services are the first one that comes to mind for me.
Possible Solution (iOS)
This is absolutely my go-to method for handling authentication. Encourage or require your users to use 2FA (Two Factor Authentication) attached to SMS messaging. A simple line of code such as this will grab an SMS one-time code.
// Available as of iOS 12, make sure to check version.
self.verifyCodeTextField.textContentType = .oneTimeCode
Android SMS Retrieval
Android Auto-SMS-Retrieval https://developers.google.com/identity/sms-retriever/overview
I don't know it all, most certainly, but I hope this opens the floor for some discussion and brings forth a solution or explanation to your question.
Research Material
Google Authenticator available as a public service?
java API for google Authenticator
[Disclaimer: I looked around at the other stackexchange websites and couldn't find a perfect place to post this question, so i'll post it here. i'm happy to take it down and place it somewhere else if you know where this is supposed to be. please do not downvote because of that]
Currently we use a 3rd part tool (HockeyApp) for monitoring crash reports on an android app. They have an API that i can use to query for crash reports. I want to be able to have an automated crash report system where if certain conditions are met, i get an email (or maybe a phone call). For example, say i get 9001 crashes within an hour, i would like to receive an alert.
Is there a tool for doing this already? (crash monitoring for android, using hockeyapp is highly preferred)
I looked into rolling out my own Ruby on Rails app for doing this, using ActionMailer apis. has anyone had any experience with this and recommend it? Or what would be a better approach? (If i have to roll out my own tool, dev time is of the essence)
What kind of tools do your/other companies use for this kind of situation (crash alerting/pager duty)?
You can continue to use HockeyApp and set a webhook when a new crash was created. This webhook can point to your own backend or to a service like Zapier, which can then trigger a PagerDuty, email or all kinds of notifications.
You can look at crashlytics. They notify by email and send daily stats on email. For detailed stats you can visit your account. But this service is only for crashreporting.
I want users to send textual feedback to myself(the developer) directly(without involving Google Play).
Hence, I can get the suggestions to improve my app directly to myself, instead of users writing negative reviews on Google Play.
I do not own a website nor have access to any server.
I do not want to use ACTION_SEND, as that opens an email app.
I'm an android beginner and this is my first app.
Maybe that data can be stored in a database(on cloud, common to all users) that I can access at any time I want?
After researching, I think GCM is supposed to be used, but I no idea how to go about it.
Please tell me the easiest way to implement this.
Thank You.
That is not what exactly what GCM is for. GCM is primarily for sending data from the cloud to the the devices.
You are correct in thinking that one option is to store the data in a database in the cloud. You could use http://pythonanywhere.com free account and build a web app that provides you endpoints which will save and retrieve data to a SQLite db pretty easily (if you have knowledge of python and server side web concepts).
Another perhaps simpler option is to use a pre-existing cloud database solution http://www.parse.com is a cloud backend that also has a free-to-use option that you can use to store arbitrary data. It is pretty easy to get up and running if you follow their many nice Android tutorials.
One last option I will present is to use a Google Spreadsheet with a Form associated to it. Once you create a form if you know the right url and parameters you can send a post request to insert arbitrary data into your spreadsheet. I've created a library that simplifies the process of uploading. GoogleFormUploader. If you need help getting your form set up you can watch the relevant portion of my video tutorial covering this topic
I used to use Google Analytics for tracking of my application's different features on my users device but since I need to get more information, I'd rather create this analytics on my own so that I can have many other features like how often my users are using the app and other stuff.
The solution I have in my mind is to add a jar file to my application where it retreives the data whenever user is using the app and stores the in the SQLite database of phone and when user is connected to the internet, the data are sent to my webservices on my server-side.
I need to know have a feedback, that what drawbacks this method has. Does it affect the quality of the app in terms of its speed etc ?
Anyone has any other suggestions for solving this issue?
I am conceptualizing an Android app that sends data from one device to another (like a picture message), but because I do not have a server, I am looking into other ways of messaging. Google Cloud Messaging (GCM) seems like a good choice, since its made for Android, and is free to use, but it still requires a server to use. Is there a way around this requirement- such as running the GCM server on the app itself? Or is there a better approach to serverless messaging on Android?
Yes you can - it's possible to send the same messages from a device that would be sent from a server. However, this has the following problems:
You're putting your API key in your app, so somebody could decompile your APK to get it.
Your users would need some way to share their GCM registration IDs with each other. If two users had both their IDs expire at the same time, there would be no way to share them again.
Really, building your app and hosting it on AppEngine would take about an hour to write, and cost less than $10 a month, even for a ton of users.
For a dead-simple messaging server example written in Java, check out the server backing one of my apps:
https://github.com/charlesmunger/touch-to-text-server.git
I think that will be hard to do what you want effectively without a server but you can check out Parse's SDK. It is free to try and free up to a certain monthly limit.
The docs.
You may want to read "Sending Pushes to Channels" and "Using Advanced Targeting".