I want to create a phone only account which will hold phone only contacts and use should not remove this account (except factory reset).
Is there any way,that can be specified either in account authenticator or sync adapter or via accountmanager such that this account will be non removable. any one of the following possibility is fine,
1). account will be present in the device but will not be available under configured account list in the account and sync settings
2). account will be available in the list but, remove option will be disbled (gone) for this account.
Thanks in advance,
AS
There are good reasons why one would want such a thing. For instance, being able to keep the phone with 2 separate accounts: One for your data, one for phone management.
This way, if your phone gets stolen you can remotely control it via the phone management account while removing the data account.
Some Apps do allow you to remotely control your phone yet:
1) If you use only one account then once you change the password to protect your data you won´t be able to do thins like uninstalling apps remotely.
2) The thief being able to modify the accounts, there will be no way to avoid the management account to be removed.
3) The management account should be, preferably, hidden from the list of accounts so the thief doesn´t even suspect it´s there.
Going firmware makes sense, as it has been mentioned. I wonder if it´s that hard to implement. May post about it on XDA.
Cheers,
Jean
Sorry, but nothing you want in your list is possible, without firmware modifications.
Related
I am creating an iOS and Android App and I want to create a screen where the player can start with a guest account or can connect his account with our own accountsystem.
But my question is: Can I detect a user after the app was uninstalled and installed again?
I know that there is something like the vendor. But this will change.
I know that other apps also can do this.
With the user's permission- have them log into an account. Or provide you with their google of facebook account info. So far as hardware ids, those are discouraged and actively being removed to prevent people from the API to prevent this.
Also remember- that unless the user logs in with an account, you don't really know whether it is the same person. You could know its the same phone, but you don't know if he gave it to his kid sister to play on. Or sold it when he got a new one, and now you've given the new owner access to someone else's account. Also, if you rely on hardware ids you won't know its me when I buy a new phone and download it on that.
So yeah- either have him log in with a username and password, or use a 3rd party signon mechanism like Google or Facebook.
For iOS, there is a recommended approach to do that: by using the DeviceCheck framework. The idea here is that it allows you to persist 2 bits of data across app installations on each device. You can set the first bit to 1 if the user has already installed the app or 0 otherwise. And use the second bit, for example, to check if the user has signed in or not.
The official documentation is pretty good, please check it out.
The downside of this approach is that you will also have to do some work on the backend side.
UPDATE:
If you specifically want to detect the account, there is no reliable approach. One of the options is to use identifierForVendor or generate some kind of device fingerprint (for example, by combining the device model, timezone, locale, etc.), but of course, this will not work every time.
Uniquely identifying a device is a security leak, and all platforms are putting serious restrictions on unique persistent identifiers because of privacy concerns.
I have an app that has in-app purchases where users can purchase set of videos and there are ten of these sets. Now, before they do this they have to sign up for this app using their personal e-mail (not necessarily their phone's primary e-mail).
Since they have to log in this app, I was planning that they get the right to open the app and the set of videos they purchased from whatever device they use.
Problem:
After thinking about this and since this app is only directed towards local audience, I am afraid that users will pass their accounts to each other and my customer number will decrease.
Solution I thought about:
I will put a message when the users buy the set of videos that says: "These videos will only be viewed from the device you download it on". Which means I will use certain flags to ensure that an account will download them once. So that if someone is to share an account s/he won't be able to download because they where already downloaded.
Question:
If I do like this then if the user uninstalls this app, s/he will lose all the videos they purchased. Thus, if they install it again, they will have to buy the set of videos again. I am not sure if professional apps let the users have what they purchased back if they reinstalled the app or not.
So, is there a way that I can still use the solution that I thought about and still have my users regain what they bought before they uninstalled the app? Or do you have a completely different suggestion that can solve my problem.
Account sharing is a big topic. Daily business for Netflix and Amazon.
I'm not a big fan of your solution because of all the restrictions. I would suggest following approach:
User signs up in your App
You create a unique ID on the device (GUID - https://developer.android.com/training/articles/user-data-ids)
You store this data on the database plus the GUID on the device
You can now verify that the user has valid access.
I would suggest adding another field like max_guids=2. So that if the user looses the device he can still access his data (yes, this also means 1 single device sharing is possible, therefore you can detect irregularity with login sessions and ban the user).
Sounds better?
I have an app that creates an account for a web app, which is basically sending and receiving SMS messages from the web. This is how it works (not released yet, nearing the end of the first-release features I had planned):
The user purchases the app.
The user enters their name, email, and password.
The account is created on the server-end, and the final view is shown telling the user where to access the web app.
The background processes are opened (C2DM and ContentObserver for SMS).
All goes well. The android part of this app all works flawlessly, but I'm scared of people making multiple accounts from one purchase. How could I stop this from happening? I am clueless when it comes to this subject. First of all, when the final view is shown, a user could just hit back and then recreate another account. How can I prevent them from going to that form ever again? I am thinking I can just set a SharedPreference, but then all the user has to do to make another account is uninstall the app and then reinstall it, and bam another account is made.
I need a way, so once the user registers for the first time, there is in no possible way they can register again, on that specific phone (or specific Google account). Is there any real way to accomplish this? Any help is appreciated, I am stuck when it comes to this topic.
Since SIM identification functions (getSimSerialNumber) return null on CDMA devices and *ANDROID_ID* is said to be the same value on CDMA devices; with addition of tablets which do not have either of them, I highly suggest implementing your own unique identifier in your database and matching it with user's Google Account.
However, since a poweruser can always reset their app data storage and clear their identification from device (thus making your app session on device brand new on app launch) this approach has it's caveats.
You may want to check this blogpost for ideas about generating your unique id
http://android-developers.blogspot.com/2011/03/identifying-app-installations.html
I would make it a check on the server side.
Every device has a unique identifier. If you save this on the webserver side during the account creation, you check whether or not an account has already been made on this device. Also add the same check for the Google ID, just in case.
String android_id = Secure.getString(getBaseContext().getContentResolver(),
Secure.ANDROID_ID);
Might be worth a try. Your safest bet will always be something on the server side, since the device side is easily tempered with if people really wanted to.
I would like to use in-app billing in my android application (instead of creation 2 versions of application - free and pro). If user paid, then additional options in Preferences should be available.
My application synchronizes data with website (not my).
Each time synchronization happens, I would like to check if user paid or not.
How should I do it?
I think the easiest means for you would be to use Managed purchase. More on it is at http://developer.android.com/guide/market/billing/billing_admin.html#billing-purchase-type
The "manage by user account" purchase
type is useful if you are selling
items such as game levels or
application features. These items are
not transient and usually need to be
restored whenever a user reinstalls
your application, wipes the data on
their device, or installs your
application on a new device.
Update: website and API updated refer this now https://developer.android.com/google/play/billing/api.html
There are to many ways to do that, i will try and give you some of the most used
what about user accounts? can your application support users? if it does, its practically solved with 1 user per 1 account. just add a flag to your DB for each user. this is the most secure way, its very easy to know if someone is stealing from you thats why all MMO's (like WOW) use this type of check. you can easily know if theres more then one user on an account as well
the downside is that it requires more processing and some support is case someone's account gets stolen or other user support of that kind.
you can save a sort of key inside your application. and some other key on the server. if the key matches (either 1 to 1 or after some manipulation) then you have yourself a paid user, other you dont.when someone buys the application then change the key on the device.
just do what you dont want to do and have 2 applications for free and paid it will probably be less work then the other 2 list above.
there are many ways of doing what you want. but i'll tell you this:
most applications use method 2 but on the opposite direction, meaning serial key.
i dont think your gonna create an mmo so theres no need for option 1 unless you really dont want anyone hacking your application (which i assume no matter what you do it will be hacked in todays world. i'll advice you to trust those who pay and accept those who dont)
method 3 is just easy in my opinion especialy when you want to just remove menu options, but it also creates duplicate repositories for code.
good luck. what ever you decide is good, make a theft protection, if someone wants to steal it, they will, dont fight it (even PS3 got hacked in the end)
I'm creating an Android application for a fantasy league as part of a college project. It's a paid application, and requires each download to be associated with only one team.
I'm confused as to how best go about it. If a user goes to settings and clears the data from there, all files, settings and databases would be deleted rendering a locally stored indicator for "The app has already run before and hence user is registered" as pointless.
Another option that had come to my mind was to store the IMEI no on a remote database (with SHA1 encryption to protect the data) but the problem with this is that, if a user loses or changes his phone, his further participation would be impossible. Additionally, users understandably don't like to share IMEI numbers and it's acceptable.
The best solution in my mind was to restrict usage of the app to the Google account that was used to download the application. With this, even a change of handsets would allow further participation of the user. However, I've not been able to find a way to obtain the Android Market account (only require E-mail) which resulted in the download.
So, my question is, how do I best go about with the problem that I face? Is there a way to get the Android Market username? Or is there a worthy alternative?
The server-side option is what you want, you can get a unique id from each phone and use that as your identifier.