Can I send a message via mail to top players in the leaderboard?
Is there a way to get the list of their emails?
I'm pretty sure Apple will never give a user (or developer) another user's personal information, such as their email address. That would lead to all kinds of abuses and ill will.
You can ask for information in your app and some people will voluntarily give it, although a lot will not. You would have to provide your own server to collect the information; there's no game center function that passes information from the user back to the developer other than game statistics.
If email is the only thing you want I think Apple will approve an app that gives the user some reason to email you then you can use the From: or Reply To: address to communicate back to them. But that would still be voluntary on the part of the user.
If you have an email address, you can use MFMailComposeViewController for sending an email. Hope I helped.
Related
My company is developing a cloud contact management service and on our iOS app we're having some problems launching a particular enterprise email client app when the user presses the "Email" button on one of their contacts.
One member of our team came up with an idea to get around the problems with this enterprise app:
We let the user specify their email address in the app's settings and create our own email composing screen. Tapping the email button on a contact would open the composing screen, they would write their message and then we would send it on their behalf from our servers (or via service like mailchimp).
Basically, this would mean we would have to create an endpoint on our api that would accept a POST request with 'from', 'to', 'subject', and 'body' fields which would send the appropriate email.
This seems like a very bad idea as it's essentially creating a free, anonymous email service that could easily be abused send spam.
A few extra notes about our setup:
We don't verify an accounts email when they sign up
Even if we did verify the account's email, the user would need to be able to specify any email, as they may have signed up with personal email, but want to email someone from their work email.
Our API doesn't currently have any kind of rate limiting
Instead of having a from field in the request, we could instead send the id of the contact they want to email. This doesn't really change anything because if someone wants to abuse the send email endpoint they can also abuse the create contact endpoint.
So exactly how much of a bad idea is this, and how can I convince my team not to do this?
A few thoughts against doing it:
This is the perfect spamming service, which could damage the reputation of your company (reputational risk).
Your email servers would very quickly make it into blacklists (RBLs), making your outgoing emails land in spam folders in very many recipients' mailboxes.
Even if your servers are not yet in RBLs, if you send a forged email like that and proper email security is set up at the recipient end, your emails will still have a good chance to get classified as spam. Have a look at things like SPF and DKIM.
This could even have legal implications. Imagine the scenario when one of your users uses this service for something like blackmail. Would you be able to prove it was not you? Probably yes with the right controls, but would you want the hassle?
Still on the legal side, many countries (the EU, mainly) have data protection regulations which strictly control how personal data like email addresses can be used, especially for commercial advertisement. You probably want to adhere to that, but that would be hard with such a service (note that I'm not a lawyer, in such a case it's probably the abuser of your service that would offend these regulations and not you, I don't know, but it's something to consider).
If anyone can just send emails, it will be fairly easy to perform a denial of service attack against your services.
A few controls you could implement to mitigate some risks:
When adding a sender (from) address, you should validate that by for example sending a (cryptographically random) token and checking if the user can send it back (eg. by clicking a link in the email). If he can, that proves to some extent that he controls the email address and is probably a valid sender.
Limit the possible recipient addresses if you can. The best would be if recipients had to opt in to receive emails. If this is not possible, at least let recipients opt out from further emails. For this, you would have to add something like a footer to emails with "never again" links, and implement a facility to maintain recipients to which you must not send anymore.
Implement rate limiting. Depending on your exact scenario and use case, only allow to send the least number of emails acceptable for your application.
Implement proper logging so that you have an audit log of who exactly sent what email to whom. For this, log metadata like IP addresses as well. For this, you will likely have to authenticate your users.
On an operational level, have monitoring in place, and be prepared to ban offending users, based on a clear ToS shared with your users.
I know this is likely to be answered "sorry buddy", but is there a way i can access my recently sent emails from another iOS app? I really don't need the contents of the emails just the addresses. Basically if you haven't stored the contact information in your address book, I still want to be able to pull those addresses.
For example in the email app, when you compose a new email, as you start typing in an email address it will try to autofill with recently sent/received email addresses. I'm trying to mimic this behavior.
Point me in the right direction if there is already a stack overflow question about this.
No, there is not API that will allow this.
Apps can't acces other apps data since they are sandboxed.
Given the quick answers I received confirming my suspicion that this can't be done, I'm thinking I will just provide a way people can set up email accounts the way the built-in mail app does it. By that I mean I will allow people to select from the major web-based mail providers like gmail, yahoo mail, .. then also allow them to create a mail account with their mail server (address, username, password, port, etc.)
It's kind of overkill since I just want their recently used email addresses, and will scare off people who don't want to give access to their personal mail, but if its all i can do then so be it.
I would like to send some info from within the app per email - but restruct the recipient list.
I know when sending emails the standard email-dialog opens. However, is there a solution anyway? Possibly somehow intercepting the "Send" Btn and at least check the recipient list.
No, you cannot do this. iOS requires that the user controls the final setup of an outbound email for security/trust reasons. If you're asking for undocumented workarounds, someone (not me) might know one, but your app won't be App Store-eligible if you find one.
As commenter #Rog says, if you send email via your own server, you can do this however you want without Apple's restrictions.
I have MFMailComposeViewController in my app in order to allow the user easily email me about suggestions and feedback on the app but I get about 3 emails a day which are just empty in the body or just the users email signature.
Is there any way of checking if the body of an email is not empty before it is sent with MFMailComposeViewController?
This is not a programming answer, and might be a bit off topic, but I have released a few apps with similar functionality, and have seen the same thing.
I have also talked with a few of the users who have sent in empty emails, and have learned that sometimes they sere just trying out the various functions of the App, and sometimes they get to the feedback page, but don't want to take the time to type out an email on their phone.
I would think of this as more of a customer service problem, and less of a programming challenge. I would use the opportunity to follow up with the users who send the empty emails. (At least now you have their email - if you don't let them send the form without a body you will likely never get it.) One option is to send a standard follow-up email that says you received an empty email from them and would love to hear their feedback on your product. (Perhaps even send them a quick survey) .
Once you have displayed the MFMailComposeViewController's view you cannot get at the message or control the behaviour. You cannot stop people sending empty mails.
If you really want to do this you will have to write a replacement view and controller. It is probably easier to filter the blank mails at the receiving end though :-)
I want to send mail from an iPhone app without showing an MFMailComposeViewController. I also want this mail to be sent from the user's default Mail account. Is it possible to do this?
This is not supported by the iPhone SDK, probably because Apple doesn't want you to do it.
Why not? My guess: Because it's easy to abuse. If we knew user's email address, we could spam them, we could fake emails from them, etc. Imagine finding out an iPhone app sent an email as you without your knowledge -- not cool, even if the app had good intentions.
So, anything you do to get around that, is likely to get you rejected from the app store.
Having said all that, you could basically write your own smtp interaction code to chat with the user's outgoing mail server. For example, if the user has a gmail account, you could ask them for their email and password, you'd have to know how to talk to the gmail servers, and send email through them.
Going that route means asking the user for their username, password, and either asking for or figuring out their mail server information. Another choice is to send directly from the phone (your own smpt server, not just a client), which is a bit more coding. And if you write your own server, the mail you send is more likely to be blocked since your originating IP might not match the domain on the sender's email.
There also exist some libraries that might help out. Previous related question:
Open Source Cocoa/Cocoa-Touch POP3/SMTP library?
There are legitimate reasons for wanting to send an email. (Such as communicating with a server using SMTP instead of HTTP)
This blog post should get you going: http://vafer.org/blog/20080604120118
It is possible to use MFMailComposeViewController without user interaction. See my answer on the iPhone send email not using MessageUI question.