I need to write a application which has login functionality. It needs to have user name and password. Once a user logs in I need to switch to an activity that displays data from a REST API.
However I want to know the right way to implement this. I'm thinking that if I login and switch to the next activity, then the first login activity should no longer be reachable unless user logs out. Also I'm thinking that the data activity should not be exported and login might (?) be exported.
Can anyone suggest the right way to implement this ?
Your suggestion is one way to approach this, but it's a bit "brute force".
Is there a reason that users have to log in each time they use the app? Why don't you store the credentials, at least as an option (that is, provide a "Remember me" option?).
For example, the only way to use the Gmail app is to add your Google account credentials first. Once you've done that, you no longer have to provide your email and password when you look at mail. The Gmail app assumes that you've protected access to your phone.
Remember that, for a mobile device, entering text is tedious and error-prone. On the whole, it's best to do it once and store it securely.
Related
Im working on a project where a user isn´t forced to sign up a account.
My plan is that a user could do anything like a user that is registered except for a few exceptions.
I implement a like function which saves the users behaviour on a webserver and later when the data is fetched again it recognized if the user liked something or not. My problem is that I have to save this informations also if the user isn´t registered to my application. A User should be free to decide wheter the user likes to sign up or not and isn´t forced to be a registered user.
I found three different way that could work!
1. Option
First option would be the accountmanager but I don´t like this option at all cause I have to ask for the contact permission and also ask which account a user want to use.
2. Option
A other option would be if a user starts the app for the very first time the app would call a server which creates a random unique code and send that code to my application to save it as key for the users actions which is saved on a server. But that also doesn´t seems to be a good solution for my problem.
3. Option
The last option would be oauth but for now I don´t know if and how it would be the solution to my problem!
I would be thankful for every answer!
I have worked on a comic app that requires saving the user subscribed channels, genre or comics and save the likes/dislikes for the same. User can be subscribed to push notification too.
For this, we used Firebase Authentication (anonymous signup). And to save the user subscription information, we used Firebase Firestore.
And followed the below approach.
As soon as the app opens, check if the user has already anonymous SignIn. If it hasn't, signUp silently.
Add a listener for user push notification token change. And update it to Firestore by anonymous user-id as key (We did same for storing other information too).
I think this approach would help to solve this problem.
You could use firebase auth for that!
Usually, you would use it with email & password or google login but it also has an anonymous login feature that should save the user's phone.
There are few techniques. It depends on whether you want to recognise a user between installations of app. If you are OK to lose a user on reinstallation you can use Firebase installation ID and link users behaviour with this id. If you want to remember users even between installations you can use unique to each combination of app-signing key, user, and device Secure.ANDROID_ID(more info about ids). But still the best way is implementing your own signing in or using of AccountManager.
Im developing an android application for the first time (no prior experience whit coding....). Mainly the app is going to be used at work as a tool for service technicians. The app is almost ready for field testing, but there is one thing i need the app to do before that. I need the app to force the user to log in every time its opened. This is because some of the info on the app is confidential, and only people that currently works for the company is allowed to have this info. Whit firebase i can then block the users that leave the company, or users that are not verified. Currently the users sign in whit google and they stay signed in until they clear the app data or delete it.
I have looked far and wide for the answer to this, but i have only come across different use of timers.
If anyone has a better solution to this "safety" issue, im open to anything.
If you are using Google Sign-In for authentication, there is no out of the box support for forcing your user to authenticate with Google every time they use your app.
This makes sense, because the user is still authed with Google on your phone. A login system only authenticates the user; it doesn't inherently protect data stored on the device. As long as Google has a valid access token, the user won't have to type a username and password again (and simply clicking "login with Google" again doesn't really provide extra protection here).
If your primary concern is blocking access to users who have left the company, you should be covered if you are using Google Apps for your company. If you disable the user's account, their access tokens should become invalid. Google Apps admins can also manually revoke access to specific apps for specific users.
If you don't use Google Apps (e.g. your users are using #gmail.com accounts or accounts from a domain outside fo your control), you might want to consider implementing a list of users allowed to access the application, and verify the current user has access by checking that list via an API call on launch.
If the goal is really protecting the confidential information in the application, you might want to take an approach similar to Android Pay in which you require your user to set and enter a PIN number to access the application. As an added benefit, you can then use that PIN to encrypt any confidential data you are storing locally.
I will suggest you take a look into shared preferences and every time when the user is back into the app you send them to the login activity.
I am implementing Google's Smart Lock for Passwords on Android service on an Android app and while the provided API gives you the ability to retrieve saved credentials, save new credentials, save multiple credentials and delete specific credentials, it effectively provides no way to CLEAR all the saved credentials for a particular app. Not only is there no direct API to clear all the credentials, but there is no programmatic way to list all of the credentials in order to delete them one-by-one.
While the user can log directly in their google account in order to delete the saved passwords directly, this does not fit into any reasonable user interaction flow. The only other idea I can think of is to prompt the user with the list of credentials, have the user 'choose' one at a time and then delete the chosen credential, which also seems like a very unwieldy and confusing flow for users to follow.
I have tried the 'obvious' solution of passing a null credential to the .delete() API or creating a credential with a null identifier.
Is there any known method of doing this that does not result in a really terrible UI experience of the user?
There is no way via the API to delete all credentials programmatically, since this is not a typical user action (and it is a bit dangerous to delete all the user's data, would probably need a confirm UI or undo, etc.)
But as noted in the question comments, it could come up in testing, so easiest recommendation is to clear out all saved credentials at https://passwords.google.com or chrome://settings/passwords (but it takes a minute or two for the changes to sync to the device).
If you have more feedback on a user interaction that would require this functionality in the API, please leave a comment!
I think this may not be the right question for this forum, but I could not think of where else to post it.
However, here goes. I am creating a dating app in android. One of the major hurdles I am facing is user authentication and verification.
Put simply, how do I ensure that a user is who he/she really says he is? How do I prevent, or reduce people creating fake profiles on the app? One way to do this would be to force the user to connect with his facebook account, but again, fake facebook profiles can be created.
Is there any other good method to ensure user verification?
The best way I can think of, although not fool proof, would be when the user creates an account it sends them an email where they need to click a link. Clicking the link can ask for some confirmation of something, such as their chosen username and or the first name and last name etc. If they fill in this information from the email, they're probably legit and you can mark the account as active within the database. If after x number of days delete any accounts that have not been verified.
I need to be able to prevent the user from using my app until I allow him. The idea is that the app should be available for download but the user should only see activation screen when he launches it.
Then he has to request an activation key through email and use that key to unlock the app.
Is there a way to achieve something like this in Play Store and is it allowed?
I also don't like this idea but its my client's wish..
Note to moderators: I posted a similar question for the Apple Store but I want to keep both threads separated so please don't consider this as spam.
Google Play does not have such a feature out of the box.
I can however, think of 3 ways you can get it work. I am speaking strictly for the Android platform though.
You can design you app in such a way that the first screen should ask the user to get an Activation Code / Enter an Activation Code.
After the above, you can either store the Activation Code in a Preference File and check the value for its validity and start the application only if it matches / is valid.
Store the Activation Code in a Database and again, check the value and its validity and start the app if it matches / is valid.
Provide a couple of features and integrate Google Play In-app Billing and let the user pay a one-time fee to activate and enable all functions in the app.
These are the things I can think of at the top of my mind. Hope this helps.
No, There's no way to achieve this. You will have to create a functionality within your application.What you can do is make the user enter an activation key, if the activation key is correct make the user go to the next screen else don't let the user.
Thats something you would have to implement in your app. If there is some payment involved in getting the registration key then the solution is clearly against the play store rules.
i use similar system on my application. When user open the app first time. I ask for promotion code if this promoition code is true (i check it from back end service) user can use app for 3 months free. After this period end, app ask user to buy subsciription. You can do it using a backend service with interact a database.