Security options keeping us from testing applications - facebook

I work for a iPhone game developer. We use Facebook as a way for people to register their account to easily add friends and post news of their game progress.
We have created several Facebook accounts to test game account attachment and various friend features our game has.
Unfortunately, recently added security features are preventing us from logging into our test accounts. We are being asked to enter in a cellphone number to receive a SMS with a code to enter so we can verify they are real people. Unfortunately, after a phone number is used once, it cannot be used for any other account. So at the moment, we have two accounts that can be used, and about a dozen accounts that are inaccessible to us.
I haven't been able to find any solutions to this problem and we are really short on time at the moment so I need one ASAP.

They dont want you to create accounts like that, they want you to create accounts like this

This is odd, when I have test user accounts they never ask me to confirm the account. Maybe you should generate new test users for your app at: https://developers.facebook.com/apps/{yourAppId}/permissions. Then click on Add in the test user section.

Related

Can you give a certain account a in app purchase for free on your google play app?

So I'm making this game in unity that I'm also publishing on google play. Now I wanted to give a free in app purchase to the first 10 people who donated to me on a different website. So then I emailed them a key, and so there's gonna be a form in the game that asks for the key and then if you submit it gets sent to my dev email.(reason why i'm not just using some file with keys is because I think it's insecure since people could find it) After I review it, then how do I give the user the IAP?
The method that I used in one of my projects was by adding certain codes to my databases on firebase And when the user puts the code you gave him, the script goes to the database and then checks if the code exists and if it does, it deletes it and gives the player the gift so he can't use it more than once.

App Rejected on 17.2 clause. Asking for email ID

My app is a sync solution (imagine dropbox).
The user needs to sign in to access the app's features, and if he does not have any account already created, he can sign up.
The sign up asks for email id verification, and this email id is also used if the user has forgotten his password to send him one.
but Apple has rejected this app saying:
17.2: Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
We found that your app requires customers to register with personal information to access non-account-based features, which is not in compliance with the App Store Review Guidelines.
Apps cannot require user registration prior to allowing access to app features and content that are not associated specifically to the user. User registration that requires the sharing of personal information must be optional or tied to account-specific functionality. Additionally, the requested information must be relevant to the features.
Although guideline 11.6 of the App Store Review Guidelines requires an application to make subscription content available to all the iOS devices owned by a single user, it is not appropriate to force user registration to meet this requirement; such user registration must be made optional.
It would be appropriate to make it clear to the user that registering will enable them to access the content from any of their iOS devices, and to provide them a way to register at any time, if they wish to later extend access to additional iOS devices
Please help me solve this. Many apps like dropbox/facebook require login.
I don't get the exact reason why they rejected my app.
Also, please guide about the in app purchase, why registering cannot be mandatory
Asked App Store Review people for clarification on their rejection.
They accepted it. and the app got approved :D
Its on Appstore now :)
I also Faced this kind of Problem and my app also Rejected due to this.And Again I Changed my App flow Like User Registration will be Optional. User can See all the Feature of the app with out Registration by skipping this step.If he want to do something user-specific then you can ask to register such as : (user like,comment,photo upload etc) or else he can use the contents and features which are public.
in Case of in-app Purchase You can Prompt user that if He will Register with your app he can able to use this Content in his all devices.
It would be appropriate to make it clear to the user that registering will enable them to access the content from any of their iOS devices, and to provide them a way to register at any time, if they wish to later extend access to additional iOS devices
Apple does not allow apps that require you to share person information to work, like an e-mail address.
You options are, remove the need for an e-mail address or remove account creation form you app and move it to a website.
It also states that you app is asking to create an account to access the full app and even needs the account or acces features that do not require the user to have an account. You can make those features available with out the account creating you might be able to get thru the review.
The reason apps like Facebook and Dropbox got thru the review proces is because they don't have a register option which is in app only. They redirect to a website.
I recently spoke to an Apple Rep over the phone in regards to an app of mine that was also accused of violating clause 17.2.
I explained to him that the email would be used for password recovery, monitoring transactions within the marketplace, and managing any inappropriate behavior (such as users uploading offensive or copyrighted content). The rep responded, "Sir, the clause states 'Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected'. I cannot allow you to require your users to submit their emails if its not account-based". He did not seem to understand that the emails are account-based for the very sole purpose of security.
I did mention to him that Instagram and Facebook alike require logins at startup. He simply replied, "Yes but those apps are entirely account-based."
Honestly, I felt he was blindly following Apple's Guidelines ("Because that's what it says we must strictly follow!"). He had little understanding of how social networking apps operate, and even less understanding of the law (specifically the DMCA - on a separate issue). Explaining to them how all that works proves to be futile; they wont budge because they are asked to follow Apple's BROAD Clauses as strictly as they do.
My conclusion: I had to compromise the app's user flow such that the app's registration page can be skipped, and all other functions within its marketplace were locked to non-registered users. It makes no sense.
The sign up asks for email id verification, and this email id is also used if the user has forgotten his password to send him one.
Apps cannot require user registration prior to allowing access to app features and content that are not associated specifically to the user.
It seems to me that the point is that you are asking the user to provide his email address as a step towards the creation of a user account. This is different from what dropbox and other apps do (i.e, you provide your credentials for your dropbox account, which is different from your email address, although it can be the same).
You may either remove altogether email verification, or you could postpone it to a later point when you have made clear to the user that this is required to access private information.
I got the same thing last week and this is Apple's reply:
As for the 17.2 issue, a nickname, avatar, or sharing are not inherent or specific features of those social networks, and thus, the user should not be required to register with those services, or provide you with access to their social network accounts. The user should not be prevented from using your app and service if they do not provide this information.
Instead, it would be appropriate use your own authentication method and give users the option to create a nickname and upload an avatar, independent from those networks.
Moreover, we realize that these social networks may be very popular. However, the popularity of the social network is not an appropriate reason to force a user who has not, or chose not to register and provide their personal information to those services, before they can use your app.
Therefore, we ask that you to include your own authentication mechanism to allow the user the option to register only with you, creating an account with only the information needed and relevant to your app's features.
Best regards,
App Store Review
So in short, you have to provide custom authentication and not just use Facebook. Although I've seen many Apps who do require you to login with Facebook.
Thanks,
James
It happened same for me, although the first version was approved, the second version was rejected for this reason, I added the Skip button at the landing view.
It's all summarized in the last paragraph. Apparently, your application doesn't inform the user (in a clear way) that registering is for syncing and from their reply, it seems that your application is useless without the Sign Up.
If that's the case, you should be more specific why you need the user to register.
On a side note, I personally don't like the applications/websites that force you to register before you see or try anything. I hope your application isn't the same.

Facebook Developer Account Verify

I created a new Facebook account and verified it with my cell phone. I even see "Your mobile phone has been successfully verified." in https://www.facebook.com/confirmphone.php address.
So, everything seems perfect.
Then, I became Facebook friends with my friend (he is also verified and already created an Application). We are trying to add ME as an ADMIN for this Facebook Application from HIS account.
Even though both are completely verified by phone, HE canNOT add me as ADMIN for that application. He is getting
Only verified developers can be added as listed developers of this application. Read http://www.facebook.com/help/?faq=17580 for details.
message all the time.
We waited more than an hour just in case the Facebook system did not recognize my new verification.
In fact, I even tried removing the phone number and get verified again.
None of above did work and still getting the message which does not allow me to become an Admin of the application.
Could you help me?
Thanks in advance
I've heard of people having all kinds of problems with the developer section of Facebook.com
One resolution seems to be to log out of both accounts and log back in again.
It turns out that, facebook itself does not accept my account and thinks it is duplicate account. And in order to make them believe the Facebook team want me to provide these below:
Our systems indicated that your account may not be authentic based on
a variety of factors. If you believe you are being prevented from
creating apps by mistake, please reply to this email with a digital
image of your government-issued identification. Make sure the
identification you provide meets all of the following requirements:
Must be government-issued (e.g. passport, driver's license)
Must be in color
Must clearly show your full name, date of birth, and photo
If possible, please save this file in JPEG image format.
I dont know why they are making such a huge problem.
In my case, I used phone number to login my account and hadn't any email attached. after adding email as a primary contact I was able to verify my developer account.

Is it acceptable for an iPhone application to require a login on first startup?

Will Apple accept an application that requires a login to an online account the first time it boots? I'd like use this to link the user to an online highscores system for a game and for some analytic purposes.
Yes, there's many, many games that do this already. In fact when you submit your app for testing, there's an optional text field that lets you provide the test engineer with a pre-existing test account name & password.
I'm not sure I like the idea of requiring a login account. Optional logins are fine, but requiring such activity is too much of a hassle or privacy concern for some people.
As a consumer, I like having the option to opt out of signing into such services. I would recommend supporting your customers' prerogative to choose anonymity or privacy over the benefit of being eligible for the high score system.

Facebook Connect Implementation questions

I hope this is allowed but I have a number of questions regarding Facebook Connect, I'm quite unsure on how I should approach implementing it.
I am working on a live music type service and currently have user registration, etc. If I were to implement Facebook Connect alongside this, would I still be able to email the Facebook Connect users as if they were on my database?
Also, would it instead be possible to let users who have Facebook "link" their accounts once registered so I am able to give them the benefits of sharing via Facebook and inviting friends while still having an actual registered user on my system.
I have tried to read up answers to the above questions but what I've found is quite ambiguous.
Thanks, look forward to your views.
Facebook's documentation process is very poor, so don't feel bad about having a hard time getting started. Their wiki-style approach to documentation without any real official documents tends to leave the "process flow" tough to grasp, and requires piecing together parts of a bunch of randomly scattered docs.
Facebook has an obligation to protect privacy, so they never make a user's actual email address available to application developers, through Connect or normal applications. They do have a proxied email system in place that you can use, however, you must get explicit permission from a user in order to email them. There's a decent document on proxied email here. You can get permission by prompting for it; there's several methods for doing so linked in that document.
In regards to linking Facebook and local accounts, this would definitely be the way to go. Once a Connect user logs in, you want to store that fact for that user so you can provide the Facebook-specific functionality. I would simply create a normal user account in the database for every new Connect user that came by, with it's own local id, so that you don't have to do special handling of two different types of user accounts all over the site. That being said, the account would obviously have to be marked as a Facebook user's account (I use an externalId column in my users table), and any part of the site that relied on information you might otherwise have locally would have to handle the Facebook aspect properly (such as using proxied email instead of normal email).
For existing users, you could arrange an "account link" by having a process whereby they log into FB Connect after they've logged into the site already, and you could detect that and simply add their FB id to your users table. After that, they could log in through Connect in the future, or through your normal process. I've never done this, but it should be possible.
If you write the account handling code generically enough, your site will be able to function well no matter what kind of user you throw at it.