Apple rejected my app Guideline 5.2.2 - Legal [closed] - appstore-approval

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 2 years ago.
Improve this question
I build an app using the official Zoom SDK with the intention to publish it in the Apple App Store for iOS.
Apple rejected the app saying:
Guideline 5.2.2 - Legal
Although Zoom Video Communications, Inc. may allow the general public to use their service, we still require the documentary evidence that you have all the necessary rights or permissions to request, display, or distribute account information in your application.
Next Steps
To resolve this issue, please attach documentary evidence in the App Review Information section in App Store Connect. In accordance with section 3.2(f) of the Apple Developer Program License Agreement, you acknowledge that submitting falsified or fraudulent documentation can result in the termination of your Apple Developer Program account and the removal of your apps from the App Store. Once Legal has reviewed your documentation and confirms its validity, we will proceed with the review of your app.
I want to work with them to get this app published and I want to avoid endless feedback a review looks. And so I replied in the resolution center that I don't understand how I can comply and whom I shall ask for what written permission. I suggested that we could have a brief phone call. So far I'm waiting for Apple's reaction...
From what I understand Apple wants me to go to Zoom to ask for written permission to use their SDK. Am I correct? (Imagine every developer that uses some publicly available SDK has to ask the publisher for written permission). Or what exact steps are required to get this resolved?
I found this here: Apple AppStore Reject and from what I understand there should be no issues with using an SDK. Very frustrating. I don't want to argue, I want to comply. But I don't know how and what to do?
Just found this: https://medium.com/swlh/my-app-is-dead-in-the-water-93a97a137eff
Matt wrote as an update:
Edit 11/20/18: Hacker News Zero has been approved! It seems like the attention this article got had some sort of effect at Apple App Review HQ. Thanks everyone for your support!

Got the app accepted with this github.com/zoom/zoom-sdk-ios/blob/master/LICENSE.md

Related

Vulnerability TrustManager

Our app has been in the Play Market for 4 years.
Before the last build, we added AppMetrica in the app:
implementation 'com.yandex.android:mobmetricalib:3.13.1'
implementation 'com.android.installreferrer:installreferrer:1.1.2'
implementation 'com.yandex.android:mobmetricapushlib:1.5.1'
The project with these instruments was successfully uploaded into the Play Market without any notifications (errors or warnings). In a few weeks after that, I made minor changes in sending reports in the AppMetrica and received the following notification from Google:
"We reviewed XXX, with package name XXX, and found that your app uses software that contains security vulnerabilities for users. Apps with these vulnerabilities can expose user information or damage a user’s device, and may be considered to be in violation of our Malicious Behavior policy.
Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please migrate your apps to use the updated software as soon as possible and increment the version number of the upgraded APK.
Vulnerability TrustManager You can find more information about TrustManager in this Google Help Center article."
We don't use TrustManager and his classes in the project.
What can be the possible reason for rejecting? Is it possible that this rejection was made by mistake? How can we find out what is the reason for that? Can AppMetrica cause this setback and should we stop using it?
Also, in the rejection text they said you can set up the network config (https://developer.android.com/training/articles/security-config) in the app -- how can it help?
We are fighting this trouble for two weeks and we hope for your help

Registration or Licensing for an Adobe Air software [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I am making a Adobe Air software which needs to work on Windows, Mac and Linux. One of the issues that has confused me is the registration/licensing process.
Basically, I want users to try out the full version of software for a month and then buy if they find it useful. What I am not able to figure out is how the licensing would work on all these platforms.
There are no registries in Mac and Linux where I can store the trial information.
If I somehow maintain things locally in a db, post trial, if the user simply uninstalls and re-installs the software, the trial would start again for 30 days.
Don't want to store things in filesystem as that's not even close to actual authentication.
Doing an online activation of the software is a little resource consuming and has network dependency, so that option is also out of scope.
What way should I choose? what other options do I have? Does adobe provide any support for this... any 3rd party libraries that I can use for free?
I use LimeLM (https://wyday.com/limelm) to do licensing for my Adobe Air app (Windows and Mac, no linux). Like you I have a 30 day trial, LimeLM has a trial feature which is tied to the hardware, so uninstalling/reinstalling won't give users another free trial.
LimeLM requires network activation BUT you can allow for grace periods, so someone must connect to the network, say, once in 30 days of use to activate.
I agree with the above post that EncryptedLocalStore is a good idea as well.
Unfortunately the licensing options for Adobe AIR is limited. LimeLM is functional and cheap (they don't take a cut of purchase price). I looked at NitroLM, which is very expensive (I think they take 30% of purchase price) and very complicated - I could never make sense of it. Zaqon also is out there. I didn't like the way their licensing interface looked to our users. LimeLM was the most flexible.
Have you tried EncryptedLocalStore? Data stored in ELS remains even after app uninstallation.

Who is responsible to look into client reported issues [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
In our organisation we deliver products to different product lines depending on the requirements. in short the same application is customised according to customer requirements and delivered. After deploying the application sometimes we got some issues logged by client.
My question comes here. who is responsible to look into the issues and solve it
Programmers
Testers
Management is asking Testers to have a look into the issues and solve them. But the testers don't have the chance to look into the code. is it feasible to ask the testers to go for the issue resolution and end up wasting time doing nothing thus delaying the solution to the customers.
I would normally expect management to look through the issues every so often (say, every week), and allocate depending on schedules, severity, forthcoming releases etc. Some questions are:
is it an issue a bug, a feature request etc.?
does it prevent your client from working with your tool ?
is it impacted by forthcoming work (e.g. will a new feature remove the feature causing the issue) ?
I don't believe you can resolve these issues in isolation. It requires project managers etc. with awareness of project direction and programmers with awareness of the codebase to work together to determine how/when issues should be addressed, and their impact on other work streams.
Initially you should have a support department that does triage on all newly added issues. They should be empowered and informed enough to decide whether this is a non-issue, whether there's a work-around or whether they don't know. If it's the latter then it should be elevated to programmers.
You might also want to include the testers in the chain if the support guys are unable to produce an adequate 'how to reproduce the problem' document for the programmers.
The way it works at our company is that the testers are asked to verify the client's issue, i.e. trying to reproduce it and document the steps taken to reproduce it. Then it gets logged as an official bug and assigned to a developer who can retake the tester's steps and hopefully fix the bug.
Testers can identify an issue. How can they resolve the same? Only the developer will be able to do it. Looks really strange where a tester is asked to resolve the issue.
Who deals with the clients? Liasing with clients is not a task normally associated with the technical staff.
You should have someone whose role it is to speak to the customers, find out exactly what the issue is and how the client would like it resolved so that it may be passed onto the most relevant person to address the issue.
I would say the logical way to do it is:
Testers should try to reproduce the problem and identify its source
Report the problem with steps to reproduce it to the programmers
It's not common usage to let testers solve the issues as the programmers won't get the feedback they need to avoid the issues in the future.
Testers - verify that the problem exists.
Programmers - solve the problem.
In between there is another part to this, which is "gather information about the problem". Usually this is a split between testers and programmers; exactly how balanced that load is depends on the team.
If you don't have the code, you can't fix bugs. It's as simple as that. At the very most you could fix configuration errors, but if the misconfiguration was caused by the program that's a short-term fix.

How have you ever interacted with a Nabaztag? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
The Nabaztag I ordered has arrived. I know there is an API to interact with the critter from your own software. Have also seen links to libraries in Perl and .NET among others, and have started work myself on a simple .NET Compact Framework 3.5 library for interacting with the bunny from my mobile phone.
I have seen at least one application claiming to interact with the Wifi bunny: the TFS Build Notification application by Rob Aquila. (Not related to this question, but this does look like a nice app to have running on a central monitor in a large TFS Team...)
I'm just curious to experiences by other people with the Nabaztag:
Have you ever used the Nabaztag API to interact with wireless rabbits?
What did you do? Is it freely available to try it out on my bunny?
How did you like working with the API? Did you just use the HTTP API yourself or did you use a library? And if so, which library did you use?
Even if you did nothing with the API yourself, what applications and/or websites do you know of that can interact with a Nabaztag?
Any other tips?
This is a bit of a shameless plug for my employer, but someone wrote a quick and dirty Perl script to make a bunny read out log events from ZXTM (Zeus Extensible Traffic Manager).
The Perl script (and further up that page, how to plug it into ZXTM)
Video of the bunny
VMware image of ZXTM suitable for use on a desktop to try this out
I extended the start on a python api wrapper that others had made, and have a few apps (ugly control panel, personal weather and traffic reader, Google calendar events of the day). They are all available for download at www.mcgurrin.com/nabaztag.
I created a CruiseControl.net plugin with it. Had some issues with the default API because it is not that good documented, so needed a lot of experimenting. Furthermore it is not that easy to develop to the default API.
So i made an .net API (c#) which abstracts the violet api away and gives you more help while developing, specially while creating choreographys (pain in butt they are Yoda would say).
Currently both are not available to the general public but i am in the process of releasing.
Things that can be neath to implement on your bunny, i don't know, local traffic information (nice to have) new releases for music you like, interfacing with your phone? (send command from phone to bunny)
Hey peSHIr, congrats for getting a rabbit. Now as violet got bought by Mindscape, it's sure it'll continue living...
I would like to develop funny stuff for the rabbit as well, but it seems like a big fuss and it's hard to get started - I checked out several APIs and proxys to get a grip on it - found many projects but either useless or outdated. Although it's written in PHP, the OpenNab Project seems to be one the fewer active around. Maybe worth to check it out?
http://opennab.sourceforge.net/
I hope Mindscape will provide a better API, or even better, open source the rabbit!

From admin to dev [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 12 years ago.
Improve this question
Recently a friend of mine had gone from a high level NOC position to a developer. Before that he was just doing the help desk stuff. He has no degree, only the usual MIS/networking certifications and as far as I know only tinkers with code on the weekends. I can see where in some scenarios having a good understanding of configurations, packets, users, OU's, etc would be extremely beneficial to a developer.
My question is this, how many full time developers started off this way? Even how many people dual wield the responsibility of developer/systems administrator/network administration?
I'm sure that this is a fairly common scenario. I've spent 12 years in I.T. and I find that as time goes on, the real income comes from being a specialist (DBA, coder, etc.) as opposed to a generalist (network admin, helpdesk).
It's actually the path that my career is taking. I'm not quite a full-time DBA or developer but that's where I'm heading.
I'm also willing to bet that the people skills I've picked up along the way (helpdesk support, network admin, systems analyst) will help me in my DBA/Developer career. Skills I don't feel I would have gotten had I jumped right in to a coding career.
Indeed. I think developers should know the platform they are building software for. If a dev has worked as sysadmin before, he will know how to integreate his software well. Some Windows-Desktop-App related "integration smells" that come to my mind:
App does not run unter normal-user privileges (run on properly secured enterprise desktops? oops!)
App requires write permissions to all kind of system folders (security? oops!)
App stores user settings in 'nonstandard' locations like %programfiles% (backup? permissions? oops!)
App does not provide silent-installable setups (deployment? oops!)
Etc..
A real sysadmin would never write software that has one of the above integration smells. Really.
It's quite common in small companies. I did that for some time - developing the software we sold to customers, keeping the network going, and adding features to the database as needed for a manufacturing company of fewer than 20 people.
You wear many hats in a small business.
But I started off programming microcontrollers in high school, so I can't claim this is where I started.
It is very helpful to have a working knowledge of all these systems as a developer.
-Adam
The overlap of developers and admins happens quite a bit. Our last admin developed on the side just so he'd have a better understanding of what he was helping support. When he left I became the admin just because I tinkered with admin stuff on the side to know how my software was being supported.
A broad understanding with a few focuses is what I'd say is best for any technical professional. Then with a bit of study you can change to meet whatever need may arise.
I've seen it more the other way where a programmer also "admins" the servers and sometimes network. I've definitely been in that position.
I would think it can easily go the other way as well where an admin can start programming systems, but from my experience it's not as common. Whenever I ask a server admin or network person "do you program too?" most of the time the answer is "no".
I think it might be easier for programmers to cross the line because when you are programming a system unless you always have an admin available you need to be able to set up your own environment and that usually includes setting up a server.
I started off as a NOC operator, eventually working my way up to a senior network engineer position. During the last 2-3 years of my tenure at my previous company, I picked up a fondness for programming and started teaching myself everything I could on my own time. Around 2005, I left said company for a small startup and still work there today as as the admin and primary developer.
The one challenge I impose upon myself is to not make admin changes at the drop of a hat to satisfy programming challenges. I must force myself to code in a way that any application I make can be redeployed elsewhere with minimal privileges, despite the fact that I can do pretty much anything I want with our own servers. It's a fine line between performing both duties well and performing one duty badly due to the needs of the other.
I'm here.
Although I've been tinkering with code since I was a child, my first full-time job was being a system administrator, a DBA and other related roles.
Afterwards I worked full time job as a developer, and now I'm both a developer and a security researcher.
Also, I managed to complete M.Sc in CS.
I believe that such transitions are possible, and very beneficial, as you get a wider view on your field of work.

Resources