New to AdMob and trying to understand compliance as it relates to providing and deleting collected user data to a user upon request from purely programming standpoint.
In my research, it appears that there is an API for the user to at least delete the data. https://developers.google.com/analytics/devguides/config/userdeletion/v3/ being the most helpful so far though not specifically particularly helpful in code examples. This would probably be accomplished either by the developer using the client ID manually or via the developer's app -> user deletion API.
Assuming one of the two approaches is the proper way the industry is currently handling this, how is this typically handled in Swift (ideally via SwiftUI not UIKit but I can follow along either way)? Please note I am not asking how to set up AdMob in general, or how to use UMP to provide GDPR consent, or what anything related to legal/compliance beyond programming.
If there is some other, more preferred option, please let me know that as well.
Thus far I have researched the differences in client ID and user ID from an end user perspective. Code-wise, I am unsure where to start until understanding which approach to take as dictated by the answers above. I have also looked into exposing the client ID vs various items that might be used as a generic device ID but am unsure how best to obtain this as well.
Thanks!
Related
I'm admittedly unsure whether this post falls within the scope of acceptable SO questions. If not, please advise whether I might be able to adjust it to fit or if perhaps there might be a more appropriate site for it.
I'm a WinForms guy, but I've got a new project where I'm going to be making web service calls for a Point of Sale system. I've read about how CRUD operations are handled in RESTful environments where GET/PUT/POST/etc represent their respective CRUD counterpart. However I've just started working on a project where I need to submit my requirements to a developer who'll be developing a web api for me to use but he tells me that this isn't how the big boys do it.
Instead of making web requests to create a transaction followed by requests to add items to the transaction in the object based approach I'm accustomed to, I will instead use a service based approach to just make a 'prepare' checkout call in order to see the subtotal, tax, total, etc. for the transaction with the items I currently have on it. Then when I'm ready to actually process the transaction I'll make a call to 'complete' checkout.
I quoted a couple words above because I'm curious whether these are common terms that everyone uses or just ones that he happened to choose to explain the process to me. And my question is, where might I go to get up to speed on the way the 'big boys' like Google and Amazon design their APIs? I'm not the one implementing the API, but there seems to be a little bit of an impedance mismatch in regard to how I'm trying to communicate what I need and the way the developer is expecting to hear my requirements.
Not sure wrt the specifics of your application though your general understanding seems ik. There are always corner cases that test the born though.
I would heed that you listen to your dev team on how things should be imolemented and just provide the "what's" (requirements). They should be trusted to know best practice and your company's own interpretation and standards (right or wrong). If they don't give you your requirement (ease-of-use or can't be easily reusable with expanded requirements) then you can review why with an architect or dev mgr.
However, if you are interested and want to debate and perhaps understand, check out Atlassian's best practice here: https://developer.atlassian.com/plugins/servlet/mobile#content/view/4915226.
FYI: Atlassian make really leading dev tools in use in v.large companies. Note also that this best-practices is as a part of refactoring meaning they've been through the mill and know what worked and what hasn't).
FYI2 (edit): Reading between the lines of your question, I think your dev is basically instructing you specifically on how transactions are managed within ReST. That is, you don't typically begin, add, end. Instead, everything that is transactional is rolled within a transaction wrapper and POSTed to the server as a single transaction.
Is it possible to get information about user's current mobile provider(not home carrier) - for example when he is using roaming?
I don't think so using public APIs at least. It seems too cut off from the rest of iOS to access. That being said, I haven't seen any documentation that confirms it one way or the other. The problem is that I don't know where to look for said information. That's your problem too :). Sorry I can't back it up with any tangible evidence, but it seems too separate based on my gut feeling.
My company is looking to develop an iOS application which would need to make use of private APIs to function - in fact use of such APIs is the entire basis of the program (I'm purposely not revealing details for business reasons).
My question is, is there any chance that if we explained the situation, that Apple would allow an exception for our app to be approved even when using these private APIs? I believe we have a very legitimate reason to request an exception for the functionality we're looking for, so I'd just like some examples of any exceptions that have been made to the private APIs rule with details so that we can have a better idea of what might be expected from Apple. Thanks.
I'll be honest with you: no. If you're looking to put this on the app store, no.
You may wonder how I know this with such certainty: I've worked with carriers that carry the iPhone, and I've worked with very large companies with whom Apple has working relationships (ie, you can actually talk to someone fairly senior at Apple). If Apple won't let carriers use private APIs, they not going to let you do it either. One 'legitimate' private API use might be to put recent call information into a carrier provided account app. Could be pretty useful, right? And the carrier already has this information, so no problem? No. It's a big problem. Apple just won't allow it. You have to get it from elsewhere (ie, via the carrier's own database).
There are no exceptions, and currently apps get statically analysed immediately after submission. If you call a private API your app will almost certainly be instantly rejected automatically by the static analyzer. It won't even go through manual review.
If you're looking to distribute on the app store, there are literally no exceptions now that code gets statically analyzed.
Put it another way: if Apple made an exception for your app they'd have to make an exception for every app. And then your unique selling point wouldn't be so unique any more.
Sorry I can't give you a more positive answer, but I speak from experience!
Its entirely possible, but extremely unlikely. they made an exception for UIGetScreenImage(); but that was because there was a very large number of developers who had filed radars for it.
I would suggest you file high quality radars for enhancement, explaining what you want and why. also maybe consider using a DTS to find out if there is an alternative way, or if they are able to get authorisation for it.
I understand that apple no longer allows me to send "device data" to third-party services. As a result of this, Flurry and presumably every other analytics company no longer collects OS/hardware version data. However, this data is very valuable to anyone trying to target development toward the people who are actually using the apps.
I can imagine a few different ways to collect this data.
1) Send a custom event indicating the hardware/os version to Flurry. This, of course, is in direct violation of the agreement with Apple. However, I suspect plenty of people are doing this, and just not getting busted. Still, not an ideal solution. Even if Apple didn't notice that we were sending this data, I'd rather not have the possibility of the app getting pulled hanging over my head.
2) Use an analytics package which allows me to collect data on my own server. Localytics is one company which seems to offer this. However, I don't think they offer this with their free plan. Is anyone aware of any free (or cheap) analytics tools which will allow me to send data to my own server?
3) Roll my own solution. This could either be an entire replacement for Flurry, or I could continue to use flurry, but send only the device data to my own server. This is a little clunky. I'd much rather have all my analytics data in one place. And would much rather not have to deal with building my own tool if I don't have to
So, is anyone else collecting device data? Are you using one of the above techniques? Or maybe something different I hadn't thought of?
Hi maybe "Testflight Live" could help you.
As far as I know Testflight is allowed by Apple.
https://testflightapp.com/sdk/live/
I've heard of people using UIWebViews to connect to a webpage with a counter. The counter is incremented each time a page is accessed, and the pages are separated by feature/UIView. This way the developer can tell which features get the most usage.
As far as device data, you most likely are looking at rolling your own tracking mechanism, probably going through a server like Google App Engine that's set up to receive your data.
I made this an answer so I could continue to check back, because I'd like to know some more info as well. I voted up your question and favorited it
Good luck, sir
I've searched the web for this bit to no avail - I Hope some one can point me in the right direction. I'm happy to look things up, but its knowing where to start.
I am creating an iPhone app which takes content updates from a webserver and will also push feedback there. Whilst the content is obviously available via the app, I don't want the source address to be discovered and published my some unhelpful person so that it all becomes freely available.
I'm therefore looking at placing it in a mySQL database and possibly writing some PHP routines to provide access to my http(s) requests. That's all pretty new to me but I can probably do it. However, I'm not sure where to start with the security question. Something simple and straightforward would be great. Also, any guidance on whether to stick with the XML parser I currently have or to switch to JSON would be much appreciated.
The content consists of straightforward data but also html and images.
Doing exactly what you want (prevent users from 'unauthorized' apps to get access to this data') is rather difficult because at the end of the day, any access codes and/or URLs will be stored in your app for someone to dig up and exploit.
If you can, consider authenticating against the USER not the App. So that even if there is a 3rd party app created that can access this data from where ever you store it, you can still disable it on a per-user basis.
Like everything in the field of Information Security, you have to consider the cost-benefit. You need to weigh-up the value of your data vs. the cost of your security both in terms of actual development cost and the cost of protecting it as well as the cost of inconveniencing users to the point that you can't sell your data at all.
Good luck!