I am doing research on an Eddystone project where the user would receive personal (and therefore to some extent confidential) information based on an Eddystone URL on their phones. There is no app involved, so the user would be directed to a webpage (based on the eddystone URL) which will display the info.
I am wondering regarding the security implications of this: Without an app, I guess the EID cannot be used - is this right (or is the EID accessible in the notification and can be passed to the destination website as a parameter)? Therefore, I suppose anyone with the name of the url could then access this information which would become a problem as you could scrap the data for every user using the service with a simple script that reads this website every now and then.
There may be a way around it if the url in the beacon can be changed on the fly to something like www.abc.com/some-random-number. That would work but it would mean that the beacon url must be updated frequently.
Does anyone know of any beacons that come with an API that would allow me to do this from a Windows machine (I know manufacturers have apps that can change beacon data but that is not an option because this should run without user intervention)? E.g. I was thinking of a USB beacon that can be accessed from a little piece of software on windows which changes the url.
Or does anyone have a better idea on how to deal with this?
Thanks,
Chris
If you are going to show the website visitors some personal and confidential information, I do think the only way to go about is to have some sort of login on the website. The ability to change randomly the URL address that the beacon broadcasts would not be helpful, as you need a way to connect the random website address to the individual accessing it. The EID is a way to distinguish which apps can receive specific beacon information - it does not check which individual is using the application. (And you can only utilize it with applications, at least for now).
Related
I'm looking for a way to store data for a Google Assistant action for all devices/users in a household, without requiring voice matching to identify a user.
I know you can store data in user.storage, but I don't necessarily want to require voice matching to link to a user, and if I use user.storage the data will only be associated with one user. I just want anyone on any of the devices (Google Home) in the household to be able to use the data persisted in the action.
One approach could be to obtain the device ID (if possible) when setting up the action and store the data by device ID. Then link all other devices in the household by device ID through the list of devices associated with the original user's account (if that's possible). Any other options?
This is currently not possible, there's no way to save data and have everyone in the household access it. I'm sure you've already seen the documentation on Save Data in a Conversation.
On shared devices like Smart Displays and Speakers, personal results are turned off by default. They can be enabled again following these instructions:
Open Assistant settings on your Android phone
Select device in "Assistant devices"
Turn Personal results on.
But this means other household members can see personal results, e.g. Calendar entries.
To determine if you will be able to use userStorage, you can use the recently launched GUEST/VERIFIED flag, see documentation here.
User storage is designed to work at a user-only level. If you don't have something like voice match setup, user storage will not persist. The best approach to having family or multi-person data sharing would be to use something like Google Sign-In to get their email, and then have a companion service like a website where users can share access with other emails. Then your service can pull from a common data source.
I created an app on google home, and I want the app to work only if its MY voice who that asks to do the skills on my google home
How can i do that? Is this possible? I configured my google home at beginning for it recognize my voice, now how to make it mandatory for this app?
I'm trying to make my app secure because it's make banking operations by voice.
Each user request is sent to your application with a unique anonymous UserID. You will need to determine the UserID that belongs to your account (by looking at logs for your application to see which value is yours) and reject requests from other UserIDs.
Even better would be to setup a more proper Account Linking system.
Keep in mind, however, that the voice authentication system isn't perfect and there is a slight, but possible, way for others to duplicate the request - either by using a recording of your voice or by having a similar voice. Consider all the risks when designing such applications.
I'm developing my first iPhone app to make what is effectively an app version of a fantasy league I created for work colleagues.
I am using Parse for the backend of the app. I only want people to be able to register with their work email address ie only if their e-mail address is _#mycompany.com
I'm sure this would be quite easy to someone who knew what htey were doing but I'm kind of new to this so any advice would be much appreciated.
Thanks
You could do this in a number of ways. The easiest way would be to have the validation happen on-device - just check the e-mail address the user has put into the app, and only allow the registration to happen if it matches the domain you want to limit it to.
However, although this is very easy it's also open to abuse and it's not very flexible (if you want to add additional domains, you have to update the app).
Fortunately, Parse offers cloud code, which lets you validate data server-side. Cloud code is written in JavaScript, and you then upload it to Parse. There is full documentation on Parse's website, including examples for validating data.
I have built a Custom B2B app for one of our clients. My question is how to automate the distribution of the redemption codes.
I have already looked at some of the MDM providers. Their solutions are too expensive and all we really need is a way to distribute the app from a webserver, not manage a bunch of mobile devices.
As you probably already know, when a client buys a Custom B2B app through the Apple VPP program, they get a spreadsheet with valid redemption codes for the number of licenses they have built. This spreadsheet has 2 columns: 1) redemption code 2) URL to redeem the code
I want to provide my client with a URL where they can send their users to download the app. They just don't have the expertise/infrastructure to distribute the app themselves. And emailing clients is not going to work.
I'm not a web guy, but it seems to me that we could write a webpage that would look at the spreadsheet for the next available activation code and then redirect the user to the associated URL. I'm not concerned with the number of licenses they distribute since I have another way of auditing the real number of users (Flurry). So I want this to be as painless as possible.
In fact, I have multiple clients and want to provide them each with their own URL for their clients. It seems like this shouldn't be too difficult to code.
The problem is, I'm not the guy to write that code. Any ideas on how best to do this?
Assuming that you don't want to show the user a website you should be able to do this with an online service like parse.com and the features it offers.
From a user POV you would supply them with a link which directed them to parse.com with a path and parameters indicating the action to be taken (get app) and what account is associated. This would redirect the users browser to the appropriate destination.
The main issue (and this applies to any solution) is knowing if the user actually followed through and used the code. i.e. should it be removed from the DB so it isn't offered to another user in future. Then you would update the DB each time you get a new spreadsheet.
Anyway, this could be achieved with a little javascript in parse.com, specifically, by using cloud code which can interrogate and modify the DB and then redirect the user.
Obviously if you need user authentication of some kind or other restrictions then you would need to start adding some web interface on top of this in order to collect the details.
I am building app that will serve some content to the users via my private server. At the server-side I would like to identify user, so that I don't serve same content twice to the same user. How can I identify user(s)?
One way is DeviceID, but user can have multiple devices...?
Is the only way to have my own user IDs for my application (registration). I don't like this as it adds extra complexity to the app.
I know it's a hard task, but maybe facial recognition (from the webcam) could help in logging in users, since it doesn't imply any relation between user and device.
For example, face.com offers a free web-based API for facial recognition.
Although, Ishu's answer (username/password) is the easiest and most standard way to do identify users.
Make an id for user's and also a login page in the app. save his id with in you content table for send that content for that user. if that content entry already having his id then don't send to him otherwise send to him.
I don't think there is another option. You must use user id nothing else.