whenever user installs my android app, i should get their device info and i like to maintain a webservice about the user who installed my app..is this possible?, is it valid to do that..in general does App development companies will have the user info who installed their app?
Generally, developers keep anonymous statistics, or identify individual users using the IMEI number or the wifi/bluetooth MAC address. It is generally a very bad practice to use the user's phone number. Rule of the thumb is that if you want personal contact details like the phone number or email address, you explicitly ask the user the enter them, and take their permission to use then for whatever purposes. You should never take personal information from the user without their consent.
Related
I'm making an app, which I will distribute via playstore. However, though the app can be installed by anyone in the world, it can only run for selected users who I know.
Below are the possible ways I have figured out,
Check the account E-Mail ids on the phone and if that matches with the one's saved within the app code.
Check the mobile number on the phone and see if that matches with the one's saved within the app code.
When the app runs for the first time, it will send an SMS to my phone. I will reply to that SMS either saying YES or NO. If I reply YES then only the app will run for that user, else it will not.
I would like your feedback on these mechanisms. If there are other ways let me know about that too.
Thanks...
I think your best options are:
Make users log-in using an e-mail and a password (you could ask the user to register and if he uses an e-mail that is known to you, send a password to that e-mail [make the user change it later though])
Beta testing - This allow you to choose wich users will be able to install your app by creating a community on Google+ to beta test your app.
Maybe both.
My app presents the device contact list for the user to select a contact. However, I do not see the device login - the name & email used to sign in to the android store - in the contact list.
I've read other posts showing how I can get the device login from the system profile. However, I'm trying to understand what prevents or allows that login info from getting added to the gmail account contacts list.
Ultimately, I want to use this info for the user to register his usage of my app. With that, I intend to receive the user's name and email address (with his permission, of course). Perhaps there's a better way to approach what I want.
That account used to login to the device is the user's account. The contact list you are talking about are the user's contacts. If I were the user, I think it would be odd to have myself listed as one of my contacts...
It sounds like you already know how to get the information you want. I don't believe there's a "better" approach than simply doing that. You need to be more clear on why that is not a good approach or what about that approach needs to be improved.
Scenario
The user get only the first time free credits in the app. After that we want to do fraud prevention. We need to check if the user and/or the device have not installed the application before.
We can accept the risk of a factory reset or rooted devices
What I tried already
Listen to Intent.ACTION_PACKAGE_FIRST_LAUNCH. After reading I understand that this event is only send to the Play store and can't be used in any other app.
Check the application package info for the field "firstInstallTime", this is reset when the user removed the application and do a install.
Android Backup Service, but the user can stop the backup and reset data, so this is at no use.
App licensing looks like a promise solution to detect if the user have already installed the app. But with limitations the following is described: "You can implement licensing controls for a free app, but only if you're using the service to provide APK expansion files." Do we need to make a small APK expension file, just to verify the license?"
make a fingerprint of the mac address, imei, android id and some other stuff. But would this make the scans of Google play violating? I don't use it for advertising, but i'm afraid they think we violate the google play policy.
how you can help me
Can you help me to choose a good direction to solve this issue and maybe give some better methods to do this verification.
Factory reset, second-hand phones and users with multiple devices will be your main problems.
The only way to uniquely identify a user is an authentication through login/password or OpenId account.
Hey there if you are managing user information at the your server than what you can do is take the IMEI number of the device and send it to your server. It will record the information of the user. Now if he/she uninstall and install app again your app will again send IMEI number at server now you can check the IMEI already present or not, If present then user have already installed your application, more over you can manage same thing from the login ID, but that can be faked by the user. More over it will not violate any thing. User can see while installing in the permissions that your app will get the system information.
I develop mobile cross-platform games (for iOS,Android and WP).
I want to know the email or the phone number of the people who bought my app from the iOS,Android or WP store, for using these informations for authentication purpose.
Waiting for your valuable comments and sugessions
Thanks.
You don't have that information unless people authorize you or give it to you.
Under no circumstances should you be able to get the information of the people who are buying your apps unless they opt into it and it’s made crystal clear to them that you are getting this information.
This was in the news last year because you shouldn't have that data.
This counts for iOS and Android.
options
Ask users for their personal information in the app and send it to
your servers.
Make your app need registration and login ( This is very strict on iOS, make sure you have some kind of offerable service which actually need registration)
You can link their personal information with device numbers, but these are spoofable on rooted and jailbroken devices
To get the device information on android:
You want to call android.telephony.TelephonyManager.getDeviceId().
This will return whatever string uniquely identifies the device (IMEI on GSM, MEID for CDMA).
You'll need the
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
permission to do this.
On iOS look at this answer: How to get IMEI on iPhone?
I can only speak for iOS:
You can't get email address nor phone number using iOS APIs. If you want this, you need to ask the user yourself.
Then you'd need a way to verify them:
Email by sending a link they need to click.
Phone number by sending the user an SMS (with link they need to click, or code they need to type in UI), or by calling them and asking them to dial/DTMF a code they see in the app, or on the app enter a code they hear.
If you want to keep users apart, without needing any info from them:
Have a non-consumable in-app payment item (which you could call 'account' for example). Since these items can only be bought once per user, and because Apple's in-app purchase receipt contains a unique ID, you can use this as a user identifier. (If this does not make sense, you need to read Apple's documentation about in-app purchases.)
If you are asking the user for mail/no then just store temperorly and use webservice to retrive in background
If you want the details without knowing to user Use analytics and catch maild id's of user (flurry , google analytics)
I dont think this is possible currently. The playstore console displays information like number of download, carriers, devices, etc. You may want to consider building in those features and requesting the info from the user via the valid permissions. Aside there is an unofficial playstore API that lets you pull data viz. app info, comments, etc. You can find it here
I would like to publish an Android app with 2-years time support (this is due to API costs). After 2 years, the user has to buy the app again (if he wants).
There are at least 3 problems:
I want it to be easy and effortless for the user: so no "registration form" (if possible).
The app should work on other devices connected with the same Google account (as every payed app).
The app should not work if the user sells his device: so using device's IMEI isn't a very good solution.
I think that the definitive solution would be univocally identifying the user, but the question is: how to do that?
Do you think that AccountManager could be a solution?
Note that the app needs to connect to my server in order to work, so the solution can be implemented both client and/or server side.
You can try to uniquely identify the user using his/her phone number. This is what Wavesecure does.
This does have some implications:
a) your app cannot work on a wifi only tablet.
b) you will have to provide a way for users to migrate phone numbers in case they happen to change phones.
You said that:
The app should work on other devices connected with the same Google account (as every payed app).
Use the google account.
When the app starts have him choose a google account and save the account ID (the email address) server side.
Also make sure the user can change the referenced account, it should not make any difference, as long as you allow just one account per user.
Ideally, as time passes by, you may want to track the active installations for each user, and limit the number of devices (model name, IMEI if available, OS version etc) to prevent fake account sharing. But that's something you can do later.