I have an native android educational app in which i want to add chat system. To reduce the size of the app I am using buddypress chat hosted on my wordpress website in webview.
Users have to sign in my website for chat in webview through my app. Is it violation of google policy?( There are No ads in webview)
It is not against Google Play policies but it depends on the nature for the app.
If it is targeting children I think you will have trouble. it is mentioned in Families Policy Requirements
App functionality: Your app must not merely provide a webview of a website or have a primary purpose of driving affiliate traffic to a website, regardless of ownership of the website.
To avoid any issues follow this advice:
make it clear that this (chat WebView) is a secondary feature of your app
make sure the web view does not redirect the user to any other site or give the user unrestricted access to the web (especially if your app targeting kids)
you should own the website/web app
avoid these common violations
put the WebView on its own full screen do not make it as a part of other screen
the website should have SSL certificate (https) (source)
do not make the WebView transparent or have transparency
Related
I have noticed that some mobile app utilizes webview to display and process information. For instance, this mobile app asks username/password as part of its registration process, then creates a user on my website using webView behind an activity window. Then, automatically login the user on its webView and display the content of my website.
Old days, the clickjacking issue was a popular topic using iframe. Similar to clickjacking issue, is there a way to prevent from being webViewed?
While I'm not new to software development, I'm relatively new to web development. I made a hobby website leveraging React and ASP.NET Core, and everything is functional (for now) and I learned quite a bit. However, I remembered that I was able to access the API from my browser, ala www.mysite.com/api/endpoint?parameter=42, and I've been able to access it from other devices.
There are learning materials on Pluralsight for securing one's website and/or API if said website has user accounts, but my website doesn't have user accounts since any potential users my website would have are just going to be there to look up information. How would I prevent essentially "everyone" but the frontend code for the website from making requests to the API?
Im trying to build a React-Native mobile application and the backend is totally depending on Firebase (im using Firestore as a database) I dont have any website or host service connected to this app except Firebase.
Now, on https://console.developers.google.com/ if i want to publish my app(keys) for i.e.: google sign in, im asked about a privacy policy and Terms&Conditions that should be hosted on the domains:
I have filled those fields like that but it doesnt seem right and in the future could be a problem. Can someone share their experience with Google APIs for applications that need sigin? What are the best practices?
I have built a web app (read: a website within a naitive app container) for iOS and Android. I started by adding the website script provided by Google to my app, figuring it would work since it's basically a website hosted within a container. The issue? Well, it doesn't work.
When I access the app from my phone, all I get within the Analytics GUI is that there is a user at page / nothing else despite how many pages I go to. I get the same result if I just browse to the website on my phone. However, if I go to the website on my computer, the script seems to pick up everything perfectly. I can see all pages I've visited and when, for example.
So I guess I have two questions:
Why doesn't the script work as expected through the app on my phone, but perfectly when accessing the webiste on my computer from a technical point of view? Does Google perform some sort of blocking regarding the request headers?
Is there any way to get the website script to work within an app or do I have to use Firebase for long-term and sustainable tracking?
Have in italics since the feeling I get when reading here is that the Google Analytics Services SDK for Android and iOS will probably be phased out sooner or later. According to this post the GA SDK is already deprecated. So using that doesn't really feel like an alternative.
Also, I am not interested in comments like "Why don't you use this analytics tool instead", or, "What's your problem with Firebase? Just use it".
There are two types of Google Analytics accounts. Web accounts and mobile accounts. Web accounts run off of pageview hits. Mobile accounts run off screenview hits. If you insert a screenview into a web account the only thing you will see is page / because its sending the in correct hit type.
The SDK is used for tracking mobile applications so it inserts screen views. You cant use the same Google analytics account for tracking with it your going to need a mobile Google analytics account if you want to use the SDK. You wont of course be able to analyse between the web and mobile accounts.
Cant help with firebase sorry.
I have a main website. From that main website, a user can create a child website that is running on a different subdomain. For this, I will have to create a new Twitter app to use authentication. Each child website will also use their own firebase instance, so the callback url in the Twitter app will be different. Is there any way to provision the twitter app automatically, so I can retrieve consumer tokens / secrets. Or do I really need to scrape the complete website and submit forms as they appear on the site?
I did not find any useful information but there are applications that have the same requirement.
fabric.io states that they are doing that:
Fabric can automatically provision a Twitter app (recommended) and
generate keys during the Twitter Kit installation process.
Update: fabric.io no longer supports this (see comment)