Is AppTrackingTransparency permission needed when only collecting data for user registration? - app-store

I am bit confused about AppTrackingTransparency permission requirements.
My app does not sell or transfer data to any third party company.
My app has Registration Page, where user will provide his address,city,state and cell Number as part of registration.
For search i need GPS location for which I already prompt user for permission.
So was wonder if i need to implement AppTrackingTransparency ?

Related

Re-authenticate with provider in Firebase and SwiftUI

I managed to re-authenticate the users with Apple, Facebook, Google, Email, and Phone in Firebase with SwiftUI, but when the users re-authenticate with Facebook or Google, the provider information is already stored there, so the user doesn't really re-authenticate. How can I make the user write their credential information for Facebook and Google when they re-authenticate?
For anyone stuck on the same thing, the best alternative was to use either an email-link or phone number to re-authenticate. And since all users have both, the re-authentication is simple.
Also, side note: If the user signed up by using Google provider and they try to re-authenticate by a email-link (I assume this happens with Facebook and Apple too) Firebase automatically links authentication for Passwordless-autentication to their Google account on my app, which makes re-authentication for sensitive actions really simple!

Save granted permissions in a Actions on Google app to avoid asking for it more than once

While building an app using actions-on-google, i ask user for device location.
I need google assistant to remember if user grants this permission to avoid asking for the same permission again when user uses the app later. How do I do this?
Thanks.
You can't save the permission, but you can save the location as Yuksel has suggested.
This works well if you're expecting the location from a relatively fixed device such as a Google Home, but not as well if you're getting the location from a mobile device.
If you are planning to get the location from a mobile device, you need to request it each time.
Once the user grants you access to the information you need, you can store that information in UserStorage. That way you can check if a user has information stored in their UserStorage, before asking for a permission.
Please not that if you're storing personal data about the user, you may need to ask for their permission,not only to query the data but also to store it as well. As stated in the docs:
Some countries have regulations that require developers to obtain
consent from the user before they can access, or save certain
information (e.g. personal information) in the userStorage. If you
operate in one of these countries and you want to access, or save such
information in userStorage, you must use the Confirmation helper to
ask consent to the user and obtain the consent before you can start
storing such information in userStorage.
You also need to state that you're saving data in your privacy policy:
If you store the user's information, remember to disclose it in your
privacy policy when submitting your project for review.
As discussed in the comments. You CAN'T get users permission once and query their location multiple times. You need a new permission each time you query the data. If you suspect that users location might change every time they use your action (i.e. Actions that mainly target smart phones), you can handle it as a dialog turn. Here's an example:
System: Would you like to know about the weather in $userSavedLocation?
If user says yes, no need for permission. If they say no, then ask for permission again.

How the social logins affect the Application Data and Ability for being purchased?

If I create an app with social logins and the app have huge amount of data, are these data under the social login company hands (for example Facebook), can they use it or make whatever they want with it ?
And does the app that has a social login affect the ability that someone may purchase it for example can Google buy an app that has Facebook login ?
Or it is not worth it and I should create my own authentication system ?
Thanks in advance.
You should read the privacy policy. Most of the times they don't use the information if user doesn't accept that it can be used. Some companies use the information without referring to the specific user information like email or name, but they may use it for getting demographic statistics.
If your app has only one social login is your own choice, but since social login doesn't make your app belongs to the social website, there's not problem for other company to buy the app. But it is always recommended to include a developer login and to leave space in your backend to connect to other social media. For that specific case I think that if Google ever buys your app they will pretend to add their own login.

Complete app user account management using facebook?

I can't really figure out what exactly the facebook API and its services are capable of in terms of user management. Given that I would completely rely on facebook for registration and login, does facebook only provide the authentication and registration process and return me data to store in my own database or does it also itself store a list of already registered user accounts which I can query later on so that I could completely outsource user management from my servers?
If you only need to authorize a User, you don´t need to store anything. You only need to store them in a database if you need to identify returning Users, or if you need to use his data while he is not online.
There is no user management though, you can´t just get a list of all users who authorized your App from Facebook. That´s what you have to store on your own. Make sure to implement the possibility to remove a User from your database, Facebook offers a deauthorization-callback in the App settings for that.

Do I need the email permission to obtain the user's Facebook email during registration

I am integrating Facebook authentication, registration and app requests with our web app, using a combination of the the Javascript SDK (to manage FB buttons, dialogs, client-side API, etc) and the PHP SDK to process signed requests, auto-login facebook-connected users and use the API to process app requests. I have most things working well and the overall workflow is acceptable.
My question is specifically regarding the "email" extended permission and whether I need it to guarantee that the signed request returned during by the registration plugin will contain the user's email.
I am aware of the current limitations of the registration plugin (in that you cannot ask for extended permissions), but I need the email of the Facebook user when they register. This is so that the user can login both with their FB credentials and standard email/password as per non-FB connected users. (Please don't just suggest that I change the registration process to allow users to register without email - this is a hard requirement for several good reasons that I won't go into here).
At the moment, I am attempting to to "shield" the Facebook registration with a login process to force the user to provide the "email" permission before registering. However this is clunky if placed as a pre-step to FB registration, and/or difficult to guarantee that the user will have passed through this step before reaching the FB registration form.
Does anyone know for certain whether the "email" extended permission is actually required to guarantee getting the user's email during the reigstraion? I cannot find any settings in Facebook (for my test users) that would seem to prevent apps getting the email. Does the fact that I have included the email field in the registration form guarantee that I will get it back in the signed request?
Please note that at the moment, we have no other requirements for extended permissions, and as we need them, we plan to ask the user at the point of need.
Any help/confirmation would be appreciated - I have searched, but cannot find the answer to this exact point (although I could of course have missed it!).
You shouldn't need your users to authorise the app before using the registration plugin, the registration plugin exists specifically to avoid apps having to build in their own system for having users authorise an app before their data can be used to prefill a form.
If you use the registration plugin with fb_only specified, and request the email field, you'll receive the user's email address in the signed request callback when they register.
If you allow users to register using the plugin, but without requiring them to use their Facebook data, the email field could contain whatever email address they've entered manually.
The full documentation is at https://developers.facebook.com/docs/plugins/registration/