MQTT Unique Topic Format generation for Mobile Devices - android

Currently I'm working on an MQTT-based chat application where I need to assign unique topics to users dynamically.
So, I thought of using their IMEI/MobileNumber. But in iOS, we cannot get the IMEI number, so we thought of generating a random IMEI from the backend and assigning it to the users.
Now, my problem is that whenever a user changes his mobile, the IMEI number changes and it will be a fresh profile again for that user.
If I base it on his mobile number, there is a chance that, when the user doesn't use the SIM for 3 months, the connection is automatically terminated by the network provider and the same number is assigned to another new customer (at least here in India).
Can anyone suggest a good approach for the topic generation?
BTW, I need a web chat also, and that needs to be fetched from the database. That is the only reason I'm focusing on the topic generation. So, I will fetch messages based on his topic and show them in the web chat.
Does anyone know how WhatsApp maintained their topics?

"I thought of using their IMEI/MobileNumber."
Bad design. Have the user create an account (i.e. email) with a password for your service; that way, no matter what phone or phone number they have, they can still log in and use your app. And make sure you ENCRYPT the user credentials in your database. Start FIRST by building an app with proper security or else you will be hacked 5 minutes after you launch it.
"Does anyone know how WhatsApp maintained their topics?"
Just because Zuckerberg copies everyone else doesn't mean you need to copy them. Also, I believe WhatsApp created their own version of an MQTT broker. Hence, it will have an entirely different set of functionality from a regular MQTT broker.

Related

Why Use TOTP/HOTP instead of just using math.random()?

I'm trying to add OTP functionality for sign in, in my android app. I'm using node.js for the backend. Now, first I thought about generating random numbers like math.random().
I can easily generate OTPs on my server side, store them in my MongoDB datastore, and then match them when the user enters the OTP. But now I have come across prebuilt modules for OTP, such as Speakeasy: https://www.npmjs.com/package/speakeasy.
There are two types of methods, HOTP and TOTP. I am asking why anyone would use these two and not just use random numbers. I mean, what is the use of HOTP/TOTP? If anybody has designed OTP functionality in any app/website, please enlighten me.
UPDATE
What is the general way of doing OTP authentication on any Android device from the server? I mean, apps like Zomato and Airbnb: how do they do OTP verification of the user?
These OTPs prove "I am in possession of this device that generates OTPs."
In the broadest sense, it could be a statement involving a device that doesn't even have Internet access. HOTP and TOTP are algorithms that you can use offline. Both the device and the server generate the code independently:
code = f(shared secret, common info)
That shared secret only has to be set up once, e.g. by being baked into a hardware dongle or scanned in a QR code when you set up two-factor authentication. The common info is something that both the server and the dongle can determine each time you log in, e.g. the number of times you've logged in before or the current time and date.
Using an actual random number would require your service to deliver that random number to the device. Which if you're developing for an audience that has smartphones, isn't too wild of an idea. Google's two-factor authentication, for example, supports sending a notification to your phone and you just click a button to allow the login.
One more thing, a practical consideration: using an existing scheme like TOTP makes it easier for anyone trying to reason about how secure the system is. If they already understand TOTP, they can move on to examining other parts of the system you're building.

Send text to app (not specific phone number)

I don't know if this is even possible, couldn't find anything useful on the internet.
I wanted to make an app where me and some of my friends could send a message through "my app" and everyone who has that app receives the message, without using a phone number.
So basically, same as WhatsApp GroupConversation, but then without using a phone number.
Is this even possible?
If it is possible, could you put me on the right track to start with.
Hope I am clear enough, if not, tell me :)
Edit:
This just pops up in my head (didn't look on internet yet), but what I want, is a kind of a shoutbox.
This is possible; in fact, WhatsApp does not use your phone number for this at all.
You simply provide your phone number to ensure a unique ID and to prove, with the validation SMS, that you are indeed in possession of this phone.
From there on, your phone number isn't even used anymore.
You can go 2 ways with this:
1. Create a simple webservice with a database on which you just save and request messages. Maybe make a little difference between get all or get latest message. Anyone hooking into the group can just fetch the same data. With the use of GCM push notifications, you can make this pretty instant.
2. Use XMPP, which is a chat protocol kinda all the chats use. WhatsApp, Google Talk, FB Messenger... This will provide you with instant messaging just like any other chat app or program you know.
Option 2 is by far the best in final functionality, but be warned that XMPP is quite complex and error prone.
You can look into the asmack and asmackx libraries for Android, which will give you the basic functionality with ease. Going a bit deeper, you'll have to dig into the protocol and really get to know it though.
ps. For both you'll need your own server, however with asmack(x) you are also allowed to use Google's Talk servers for free. Communication will go through your Gmail account. Basically with this you just make your own version of Google Talk.
It is possible by implementing a server-client architecture. Your app will use a common database for all the users. Whenever a user installs your app, he will get a unique user ID. If anyone uninstalls it, his ID will be destroyed. You can track the users by those IDs in the database. You don't need phone numbers.

How to get credibility of a messages author in a local p2p network without the use of accounts stored on external servers?

Hello, I am developing an application that will exchange unique groups and messages belonging to them between peers within a local network without any servers. Each of the peers should be able to create a new message and associate it with an existing or new group. Since messages and groups should be unique, I have implemented a hash algorithm creating the ID of those messages from static values like content, date of creation, author and title (messages are not editable). The ID I am using helps me check integrity and possible duplicates when the message/group is sent to another device. But since there is no server to store accounts and check the credibility of each of the peers, I can't think of a way to implement a mechanism that will check whether a given message is genuinely from a specific author. At the moment anyone can publish messages adding a false author name, which is something I want to resolve. How can I do that?
PS. My application might be similar to how Twitter works, but it has no accounts and no main servers to store them. It is developed on Android and it cannot use the internet, simply because it is using WiFi to connect to LAN-only routers and I wouldn't want the users to have to use 3G/EDGE.
Possible solutions:
- Use the phone's special ID (IMEI), but also how do I get that programmatically and is it really unique?
- Use the MAC address of the phone (actually a hashed concatenation of the Bluetooth and WiFi MAC addresses). Is that unique per phone?
The problem with this and the above is that the genuine author might change his phone over time.
- If the genuine author has logged on with his Google Account previously, is it stored in the phone's memory and can I programmatically get this information in offline mode?
The use of Digital Certificates to sign messages could also be a solution. Although its use may raise some more questions like "Who's the issuer?". Well, it could be an "entity" created by you if the authenticity of the messages is only important inside your own application.
Just something to consider if you haven't already.
I don't think you can do anything about a false name, but in most cases fake names are okay - what you want to protect against is one user posing as another. Digital signatures would be the way to go - ensure that everyone has a randomly-generated secret they can use to sign all their communications.
For mobile-based comms, you could go one step further and get people to certify they know another person, using short-range communications. For example your app could do a Bluetooth exchange with another phone, and that would modify each profile to say "trusted person X certifies they have met untrusted person Y". Since it would require the consent of both parties, if one party is trusted, the other one likely can be too. The short-range comms would ensure that the parties have met (and perhaps are certifying that a person is like their profile picture).
You could also do a similar thing to Gravatar - use a hash of the name and the secret to choose from a wide range of avatars (or, generate a random image using a very long hash). This way, two people posting under the same handle will have very different avatars, and they can easily be told apart by the user community.
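The digital-signature approach suggested in the answers above, as an added example (not code from the original posts): each peer generates an Ed25519 key pair once, the author ID is the SHA-256 hash of the public key, and receivers accept a message only if the attached key hashes to the claimed author ID and the signature verifies. The field names, function names and sample messages are assumptions made for illustration; Node's built-in crypto module is used.

```javascript
// Added example: Ed25519-signed messages for a serverless peer-to-peer app.
const nodeCrypto = require('crypto');

// Author ID = SHA-256 of the public key; a display name is only a label.
function fingerprint(pubDer) {
  return nodeCrypto.createHash('sha256').update(pubDer).digest('hex');
}

// Generated once per user; the private key is the randomly generated secret.
function newIdentity() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const pubDer = publicKey.export({ type: 'spki', format: 'der' });
  return { privateKey, pubDer, authorId: fingerprint(pubDer) };
}

// Fixed field order so signer and verifier sign/verify identical bytes.
function canonical(m) {
  return Buffer.from(JSON.stringify([m.authorId, m.name, m.title, m.content, m.created]));
}

function signMessage(identity, fields) {
  const msg = { ...fields, authorId: identity.authorId,
                pubKey: identity.pubDer.toString('base64') };
  msg.sig = nodeCrypto.sign(null, canonical(msg), identity.privateKey).toString('base64');
  return msg;
}

// Receiver side: the key must hash to the claimed author ID AND the signature must verify.
function verifyMessage(msg) {
  try {
    const pubDer = Buffer.from(msg.pubKey, 'base64');
    if (fingerprint(pubDer) !== msg.authorId) return false;
    const key = nodeCrypto.createPublicKey({ key: pubDer, format: 'der', type: 'spki' });
    return nodeCrypto.verify(null, canonical(msg), key, Buffer.from(msg.sig, 'base64'));
  } catch (e) {
    return false; // malformed key or signature
  }
}

// Constructed sample data: mallory reuses the display name "alice".
const alice = newIdentity();
const mallory = newIdentity();
const fields = { name: 'alice', title: 'Hi', content: 'Hello LAN', created: '2024-01-01T00:00:00Z' };
const post = signMessage(alice, fields);
const impostor = signMessage(mallory, fields);                // valid, but a different authorId
const forged = { ...impostor, authorId: alice.authorId };     // claims alice's ID: rejected
console.log(verifyMessage(post), verifyMessage(forged), impostor.authorId === post.authorId);
```

A false display name still verifies, but under a different author ID, so peers that key trust (or a generated avatar) on the author ID can tell the two apart. Moving to a new phone means migrating the private key rather than relying on IMEI or MAC address.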

Sharing data between android users

I'm having trouble understanding the top level of abstraction of this problem.
The Problem:
Users A and B download application X. A wants to send application-specific data to B. How does user A link with B?
My incredibly messy solution:
- User A clicks a button on the application that opens up a list of contacts. User A selects user B from the list. User B's email address was stored in A's address book. The application creates a sort of "share ID" and sends it to user B via that email address. User B's application gets that ID from the mail, then users A and B use the share ID to connect to a server and share between each other via the server.
There must be a better way? The two problems are:
1. It shouldn't need a server (should it? could it be free?)
2. There must be better ways of the users connecting to each other than sending IDs or links etc. by Gmail.
This solution should be so so simple, but I can't get my head round it. If this question is not sufficient to get a good answer, please please tell me what I need to do to get into the way of thinking about how mobile users can interact with each other as simply as possible, with as few clicks as possible (Mobile 2.0 or whatever the modern day thing is!)
For example: A mother and a child have an Android smartphone. They each download the "ChildLeash" app. Child wishes to configure the app to send updates to Mother, so that Mother can keep track of Child's location and so on. The problem is that somehow Child needs to tell the app what location Mother is at for the data to be sent to. What is a user-friendly way for Child to identify Mother's phone (Mother's IP address? Phone number? Email address? OpenIDs? NFC/Bluetooth?) so that it can then communicate?
You could use push notifications, as provided by the Android Cloud to Device Messaging Framework. There's an Android blog post about this. Problem is, this seems beta and not yet available to all developers (you need a specific signup).
Regarding "IP Address", P2P and such, this generally won't work. See: Is peer-to-peer communication over 3G/4G possible for smart phones?
If messages are not urgent, then you could use AlarmManager to have your app wake up every hour or so, and check for new messages by connecting to a server. Not sure that would work for your "ChildLeash" example. Another similar solution would be to use a Service to poll the server.
Usually this sort of interaction would require a server. Which you've kind of faked using email as your medium.
It might be worth looking into peer to peer libraries such as JXTA. There's an android port here: http://code.google.com/p/peerdroid/
EDIT: I just came across this: http://android-developers.blogspot.com/2010/05/android-cloud-to-device-messaging.html Which looks like exactly what you're after.

Options for Sharing Android App Data on Multiple Phones

I'm looking for suggestions for ways to share Android app data between phones running the same app. For example, let's say I have an app that stores a database of book reviews. If person A has a book review that person B doesn't have, what are the options for getting that information from person A's phone to person B's phone?
Currently, I'm aware of the following options:
- Upload data from person A's phone to a server, then download data from server to Person B's phone.
- Write code to have the phones sync up using bluetooth
- Write code to send SMS messages
I'm wondering if there are any more options besides these, and if there's actually a best-practice for accomplishing this?
Ideally, I want the users to simply click a button in the app to make the sharing take place, so I don't want to go down the bluetooth route because that requires the user to do a bit of setup (or assumes they already have set things up in the form of bluetooth settings).
Since the data can be of variable length and potentially large, I believe that would rule out text messaging.
As far as the server route goes, from what I understand this seems to be an ok way of doing things, but my problem is that I have no experience with having users potentially sign in to a server and then uploading data. I don't know of the cost concerns (if any), or of potential security concerns (allowing just anyone to upload data, I'm not sure if I would have to take steps to ensure someone couldn't bypass the app and upload malicious data).
So, can you guys give me suggestions and point me in the right direction? Thanks.
"I'm wondering if there are any more options besides these"
You could try generating a QR code and scanning it on the other phone. Beyond that, I think you have it mostly covered.
"and if there's actually a best-practice for accomplishing this?"
That is impossible to answer in the abstract.
Keep the database server side and interface with it via a web service
I too am looking for a solution to this very problem. I'll throw it out there that a fourth, or rather extension of your first option, is to use the Cloud to Device Messaging Framework, though it still requires (as best I can tell) having your own server, though I suppose you wouldn't need to store the database server-side longer than it takes to send the message, provided you keep it under 1024b (or whatever the actual size is).
I don't believe there is a convenient way to monitor/send email in the background. If I could have my app monitor email messages looking for a key subject, then parsing the body, I could probably accomplish what I'm looking for using email as the transport.
The problem with maintaining a server is that you probably would need to build a subscription fee into your app to cover the costs of maintaining a server, as one-time sales may not be able to cover the ongoing expense.
