I am now developing a social application. But recently I noticed that Firebase is blocked in China. So I want to make sure whether firebase can be used in China?
* EDIT 24 January 2020 *
Some of the information here might be out of date.
Firebase has a China service at https://firebase.google.cn/ which is not blocked in the PRC. (Thanks to #c-an for bringing this up.)
That said, *.google.com and *.googleapis.com are still blocked in China. I'll change/update this as I get more information.
Original Answer
For now Firebase is blocked and can't be used in China, along with other Google services, because the PRC has blocked all URIs with *.google.com and *.googleapis.com.
This also means, for example, that the Play app store can't be accessed from China. If you don't know what's going on between Google and the PRC, here's a primer.
Also, according to Chinese law, user data of Chinese citizens must be stored inside of the PRC. You might be able to get away with only addressing this once you have a significant number of users, but the trend has been for the CCP to crack down more and more on foreign information, even busting VPNs and declaring them illegal despite complaints of academics who say that they need, you know, real information.
As we're now in the run-up to the 19th Party Congress this autumn, we can expect the situation to get worse before it gets better. Maybe 2018 will leave room for relaxation?
For now, very sadly, forget anything Google in China, and be prepared to store user data of PRC citizens on servers located inside the Great Firewall. Also be prepared for seemingly random degradations of your service within China, or to be blocked altogether, along with these other blocked services.
Update 2017-11-23: The 19th Party Congress has come and gone and, if anything, Google services look less likely than ever to become available in China. The great firewall is likely to continue to be strengthened as the Chinese Communist Party extends its role into corporations, and foreign firms are generally disadvantaged.
Update 2018-08-05: Google plans to open a censored version of its search in China, according to leaked documents. It seems reasonable to assume that if a censored Google Search becomes available in the PRC, then Firebase and other Google Cloud products may as well. The censored search plan, code-named Dragonfly, has reportedly been in the works since December 2017, possibly a result of meetings that month between Google CEO Sundar Pichai and an unnamed top Chinese official when they met at the World Internet Conference in Wuzhen, China, where PRC General Secretary and President Xi Jinping gave a speech.
Update 2018-12-23: It appears that Google's Project Dragonfly is now on hold if not outright abandoned. This implies that the outlook for Firebase in China has worsened.
You can build your own Rest API server outside of China, and make the server talks to Firebase rest api endpoints of Realtime db or Authentication, https://firebase.google.com/docs/reference/rest/database. So you web app talks to your rest api server (accessible from China), and your rest api server talks to Firebase.
The answer is NO :
Using a huge part of Firebase services, I contacted the support, this is the answer :
I'm glad you are considering Firebase for your project. However, in
accordance with current U.S. policies, it is not possible to use
Firebase from within certain countries. For more information about
these restrictions, please refer to the U.S. Department of the
Treasury website. The current list is of blocked countries is listed
here. If you have end-users located within China, it's quite difficult
to access Firebase there since the use of Firebase requires Google
Play Services, which most of the devices in China don't have. We
understand that access to our products has been problematic from
within mainland China. We believe it may have been caused by
networking conditions in China, rather than Google's own services.
Since access to services is determined by the respective country's
government and they don't report to Google, the Transparency Report is
the most authoritative it can be.
I just tested and I am able to access my realtime database hosted on the Singapore region in China mainland. No need to modify anything. Whatever works overseas, works in China. Tested in Beijing.
Facing the same problem, if you are in china, install Astrill VPN and change from openweb to StealthVPN, connect to a server like USA for china one and login to firebase. It will work successfully.
Related
I've come across a collection of android apps that utilise a questionable practice.
With the help of misleading ads user gets tricked into buying an app via SMS service (with prices up to 10 EUR). Afterwards the user then can enter an activation code in the free app distributed on Google Play store.
The entire operation is in grey-area, because it is the user itself who sends the SMS and is responsible for the cost. Due to the nature of the ads, its mostly unsuspecting older people that get tricked into this, because they assume that they must do it or they'll have problems with their device.
In app functionality being sold outside of the app store would most likely be a violation of Apple Store and the app could be reported.
I am wondering if there's similar rules for Play Store, so that this practice could be reported to Google.
The short answer is that Google allows this practice for now, but they are already working on changing it. From my experience, Google allows devs to use any payment/licensing model that their app requires. However, this is subject to change and the end results will be something similar with Apple's policy.
From their support page, it seems that from January 2021, they require that all new apps will use the GooglePlay IAP API. Existing apps have until the end of September to make the switch. As with any other policy, there are some exceptions, but please check the official page to receive the correct information.
The newly available Google Play Billing library does not support the SubscriptionManager of Unity IAP.
Usually, I would validate the receipt with the SubscriptionManager and check the is_subscribed, is_expired, etc attributes and act accordingly.
The documentation of Unity is not up to date with this new information. The Google Play Billing documentation offer no solution or insight as to how to validate that a subscription is still valid. "Not supported" is hardly a valid response, subscriptions are part of a lot of games and software made with Unity.
How can I validate that a Google Play subscription is valid and not expired in a Unity Project using the Unity IAP. Failing to be able to use Unity IAP, any other solution or insight is welcome.
It appears that this new plugin makes it mandatory to validate user subscriptions server-side. When implementing the plugin, I had to create a back-end service that provided the expiry date back to our app since we couldn't use SubscriptionManager to grab that information anymore.
I can't really recommend a specific way of doing this, because everyone's back-end will be different. For us, we utilize Docker containers on DigitalOcean droplets that our app and database can communicate with. This allows us to have a centralized location for back-end services, which we write in Python using Flask.
We have set up one that can go through our database, find every subscription that has expired based on the saved DateTime, and validate whether it has renewed or not. We added an extra endpoint to that service for grabbing the expiry date of a Google Play subscription, as mentioned above.
Subscription information can be obtained by accessing the Google Play REST API's purchases.subscriptions.get. This will return a SubscriptionPurchase object, which provides relevant information that you can then process to find out attributes such as is_subscribed, is_expired, etc.
It may be possible to send this directly from your Unity app/game, however this may also make man-in-the-middle attacks possible (admittedly my knowledge in this area isn't quite there, so I recommend you do your own reading on this).
Also as just a general suggestion, I recommend you try to post questions across both here and the UnityIAP sub-forum. The UnityIAP support folks are super active and even if they can't help because this is a Google implementation, it should definitely put it on their radar! I try to post there whenever I can as it allows them to make improvements to UnityIAP. (:
Yes at the moment we should use server-side API for getting Subscription related info. As SubscriptionManger was dependent on developer payload which is deprecated. See 2nd para https://developer.android.com/google/play/billing/developer-payload
I'm developing a pay for win Android app, in which users are, among others, ranked according to the amount they have spent. The payments are Android in-app purchases.
My questions are:
Is an authentication system required for my users, in order to purchase and be ranked? In other words: instead of using an authentication system, could I use the UUID of the phone, or its MAC address, or any other piece of information that would actually act as an authentication system? If yes: why isn't there any other Android app that proceed in this way (indeed, they use Facebook/Google authentication, or e-mail + password authentication, etc.)?
Is there any Java ranking library that I could use and bind it to the Android in-app purchases? In particular: does Google offer such an API?
Is it a good idea to use Google's authentication and ranking based on Google Play? The ranking criteria must also be the total spent amounts.
Authentication and authorization
Firstly, I would like to make the distinction between authentication and authorization.
Authentication is a way to determine a user apart from other users. Authentication allows a developer to identify Jane Doe as a separate entity from all other users. Authentication is often a precursor to authorization.
Authorization pertains to what actions a user can take on particular resources. Authorization deals with the what, when, how as opposed to the authentication that deals with who.
To state your questions using more definitive language you are asking for best practices relating to:
Authenticating a user inside an application that is available on the Google Play Store, and
Calculating totals related to Android's In-App purchasing, and
Authorizating a user to take a claim action on a prize entity depending on the aforementioned total aggregate
Recommendations
I would highly suggest you use Google's OAuth 2.0 service to authenticate users as opposed to building your own authentication framework or implementing any other authentication framework, especially if this application is only used within th Android ecosystem. I recommend this because:
Android users already have a Google account, and
Implementing your own authentication framework requires very niche skills which usually require a team of people, and
Google already offers an Subscription and In-App Purchasing API which can be queried to rank you users, and
You will already have implemented this API to support in app purchasing to begin with
I would highly suggest you do not use MAC address or UUID authentication because
On a rooted phone I can change my MAC address, and
It does not uniquely identify a user across multiple devices, and
Using this type of authentication would not provide any benefit to your second goal of authorizing actions based on a total aggregate
In other words by using Google's authentication mechanism you can not only uniquely identify users across multiple devices, but you can also leverage the in app payment system to build your particular authorization logic.
The In-App Purchasing API already contains the necessary information you want since you will need to implement it to support in app purchasing to begin with. You might as well use it as a basis for ranking since it is readily available, secure, and contains the information you need with well documented ways of accessing it.
Additionally, you may want to look at the promotional capabilities and one time product-specific billing features functions and related APIs. This might fit your use case and it may make your application more secure and standardized.
Using the provided authentication framework and in app purchasing capabilities standardizes your application up until you implement the claim your prize functionality. People enjoy standardization because they become familiarized with it, and it provided a level of trust, so I would definitely investigate the other aforementioned APIs to see if your prize idea can be based off a foundation provided by Android. This would standardize your app all the way through and, in my opinion, would be best practice.
Summary
I would provide some sample code but your questions are still a but high level to provide anything useful in the way of code snippets. To summarize though my recommendations are as follows
Leverage the Google OAuth 2.0 framework for authentication, and
Leverage the In-App purchasing API and related APIs as a way to calculate total and rank users, and
Investigate the promotional capabilities, or one time product-specific features already provided by Google to see if it fits your use case, and
Avoid using MAC addresses and UUIDs for authentication for the reasons I outlined above
Edit ....
After rereading your title I realized I glossed over the fact that, as I understand it, the term ranking and it's related functionality as used by Android is mostly centered around where you application sits, popularity wise, in comparison to other applications. I have not seen the term used by Android to refer to internal ranking of users against some developer-defined criteria ( total, in your case ).
I'm not saying it does not exist, just that every time I see ranking it refers to application popularity. Therefore I would refrain from using that as a query term when researching how to build this application as you will likely get a plethora of false positives.
What I think you want, to reiterate, is
Authentication
Calculating in app purchasing totals
Promotional or one time features based on that total
Those terms will suite you much better. Please feel free to start a new post when you get further in to the project if you need assistance consuming the APIs
I would like to use AWS DynamoDB/S3/SES/SNS services (Region: Singapore) for my mobile app. The app will be available to users in Singapore/Malaysia/China.
My concern is that will there be any problems for users in China due to China's Firewall?
Thank you for your help and time.
If you want to provide services to users in China, then you need to host your services in China. Having a website in Singapore will NOT provide reliable services to users in China. Also consider that China is broken down into provinces that each have control over their own Internet policies.
I am an Alibaba Cloud MVP for both networking and security. I am also ICP trained and certified (the government regulations regarding websites in China). I have 12 years experience with AWS.
The key to hosting a website (which includes any services providing content / data) in China is an ICP license. This license is very similar to our business license in the US. For the first level, the application process is very easy and quick. The second level is more difficult. Unless you are an enterprise class company you will not be applying for level 3.
Here are the steps to follow if you want to provide a webstite to China.
1) Purchase a domain name with a registrar in China. Use DNS services for China in China.
2) Acquire your website hosting service in China. This is mandatory.
3) Build and publish your website exactly as your users will see it. For a few days, your website will be visible in China but then you will be blocked due to a missing ICP number (see below). This means that you will be duplicating the services that you have outside China with services inside China.
4) File your ICP application listing the exact website and domain name that you are applying for. Your content will be reviewed. You will need to retain the services of a native Chinese speaker as the application process, emails, etc. is in Chinese. The use of Chinese with the government is also mandatory.
5) Even if you plan to process credit cards on your website, do NOT do this at the first stage. Get your ICP license approved first. There are 3 levels, start at the bottom.
6) Once approved, on each web page at the bottom add the ICP license number. Do not skip this step for any web page.
7) If you plan to process credit cards or other financial methods, apply again for the next level ICP license after waiting for a while - wait at least a month.
Note: There are variations in both business and licensing requirements in various areas in China. Review these items as this will affect where you select the province to host the actual location of your web server. My recommendation is to host in Southeast China, near Hong Kong, unless your user traffic is in the Northeast (Beijing).
The straight answer of your question is Yes.It will be accessible in China.But not reliably.Due to Great Firewall things are not easy with china.
Below information will be helpful in your case:
Account reps can help with a leased line to ap-southeast-1 (cost is manageable but set up time is not fixed). That should help GFW.(Link)
Amazon SNS can now deliver messages to users in China through the Baidu Cloud Push
Baidu Cloud Push – Delivering push notifications in China on Android is more complex than other parts of the world. With many different app stores and push services, our customers are now realizing that this is a difficult issue to solve and have asked for additional options. In order to allow app developers to address this large and rapidly growing market and to avoid having to customize their code for every app store, Amazon SNS can now deliver messages to users in China through the Baidu Cloud Push, regardless of the app store that they use.
Messages can originate in any of the public AWS Regions and will be routed appropriately. You will need to create an account, register as a developer, and obtain the appropriate identifiers (userId and channelId) in order to use this service.
Full Details
Is it officially allowed (or tolerated at least) by Google to do it?
I've got some users suggesting to me that it could be a good idea to add a one click 'donation button' opening up their default Android bitcoin wallet app with my bitcoin adress pre-filled.
But hey, I don't want to see my apps suspended just because of this!
Did you see some apps or widgets doing this yet on Google Play?
The same question could be asked about Paypal donations I guess...
Thank you to share your opinion.
I don't know what Google's official policy is for certain, but a donation should be no problem. In theory.
http://play.google.com/about/developer-content-policy.html only mentions that any purchase of in-app benefits must be handled via Google's in-app billing system.
https://play.google.com/about/developer-distribution-agreement.html#pricing-payments says essentially the same in legalese.
So as long as donors do not buy/gain anything, not even a thank-you or honourable mention, and that is made clear in your app, you're in theory safe. Disabling ads for donors is for example easily a violation of those terms.
The rules are however Google's to interpret and enforce. And sentences like
The Payment Processor must process all fees a Developer receives for any version of a Product distributed via the Store.
in 2nd link can easily be applied to donations if the app-review person sees fit, even just because he/she misinterpreted the donation button or
If Google decides that your donations are actually fees, they can & will suspend your app (probably without prior warning & time to fix the problem). There are cases of this you can find on the internet.
There is an appeals form you can find here: https://support.google.com/googleplay/android-developer/answer/2477981 but the answer in practice seems to be "No. Don't ask again.".
Also be aware that Google counts violations and can ban you as a person (not just your current account) from publishing apps on the Play store.
The answer to the question is: NO.
You can't accept bitcoin tips or donations in your Android app, even it is free.
The same is applied for any kind of payment processor, including Paypal.
This because it violates our payments policy.
Policy Issue: Payments
Alternative payment mechanisms to Google Play's in-app billing service
are only permitted if the products purchased are to be used outside of
the app. For example:
For physical goods or services, such as movie tickets, or a publication where the price also includes a hard copy subscription;
or
For digital goods that may be downloaded to devices and used outside of the app, such as songs that can be played on other music
players.
Donations to 527 designated tax exempt organizations are also permitted.
Google don't have clear statement about this but i near future it's possible to allow it
Source
Yes you can. There are already plenty of apps that do this. On another note, for bitcoin donations, use the coinbase api. Its probably the easier in my opinion.