Firebase & One Signal Push Notifications Guidance - firebase

I have been playing around with One Signal & Firebase Push Notification.
I am almost sure One Signal cannot help me and am starting to feel Firebase might also not be able to help me.
We have a web app that allows regular authors to post articles. It also allows users to comment on the article using Firebase synced realtime database.
I want to create functionality where users can get a push notification for article-specific comment treads. The room ID will be the article ID. If both allow push notification generally from our app and has commented on an article, they subscribe to this article comment tread solely. They can also click a button at this specific article comment thread and unsubscribe to this article comment thread if they want.
So we may have thousands of articles and hundreds of comments in each article, to put it lightly.
I quickly moved away from One Signal when I didn't feel like I could have a separate "Segment" for each article, I wasn't certain this is allowed? Thoughts there?
Throughout my exploration of Firebase I just came across this comment in their documentation in relation to groups (Which I was hoping could be my article room).
"The maximum number of members allowed for a notification key is 20" found here. A key is a group key from my understanding. This won't work because what if there are more than 20 users in a comment thread. I looked up the most popular commented threads ever to find numbers like 500. This means my system would have to be able to support large numbers of users per article tread.
Additionally One Signal Tags and Social activities look like could be investigated, but my general question is not specific, its more a wider general question. I am hoping someone with experience can give some guidance and good tips on best way to approach this problem. Are Push notification even allowed on such a scale I am wondering?
A scaling examples
1000 Articles with 100s of different users commenting on each article. A user may only receive a push notification on articles which he has commented in only.
(Assuming he has allowed push notification site-wide first and not blocked us or unsubscribed from the site entirely. Subscribing to the site doesn't automatically subscribe you to anything specific, just means you willing to be subscribed to something and have control which things easily)
Ok thanks for reading and looking forward to hearing from someone with this experience and share their experience.
Daniel Gadd # GaddBox

Maybe it's a bit late.
You have to use topics.
FCM topic messaging allows you to send a message to multiple devices that have opted in to a particular topic. You compose topic messages as needed, and FCM handles routing and delivering the message reliably to the right devices.
In your case, every Article is a topic.

Related

FCM topic limits and expiration/invalidation of old unused topics?

I have been using FCM topics for a while now, but the documentation is very limited and most searches leads to the same pages, so I am asking here, in hope someone has enough experience on the subject to answer my questions.
I am wondering if there is a limit to how many topics are allowed and what happens to topics that are no longer in use? I mean, when will a topic be invalid?
I have had issues where unsubscribing from a topic didn't seem to work, even if I get a positive response back or other times the notifications have been sent twice.
To get around this, I am currently making a new command, but unlike before, every time the command is run, I will subscribe tokens to a unique topic, send the notification, unsubscribe token and then that topic will never be used again. This is a way for me to have better control over which users gets subscribed to certain topics, as FCM offers no help with this, that I am aware of.
So here my question is, should I unsubscribe all the tokens again afterwards, letting FCM know that it is no longer in use, or would that be pointless to do? (In case they have some sort of clean up in place)
Hope someone can guide me in the right direction.
I am wondering if there is a limit to how many topics are allowed...
No limit.
...what happens to topics that are no longer in use? I mean, when will a topic be invalid?
A topic is created when there is at least 1 subscriber and it also gets automatically deleted when there are no more subscribers.
To get around this, I am currently making a new command, but unlike before, every time the command is run, I will subscribe tokens to a unique topic, send the notification, unsubscribe token and then that topic will never be used again. This is a way for me to have better control over which users gets subscribed to certain topics, as FCM offers no help with this, that I am aware of.
This use case doesn't seem to be wrong per se. It's just a bit unconventional (although I'm pretty sure I suggested something like this before).
Currently, with FCM v1, the registration_ids parameter (used to send to multiple token -- 1000 each request) is no longer advised. FCM team seems to be moving towards using topics for sending to multiple tokens. With that said, IMHO, I think the use case is valid.

Android notification channel maximum count

I am new to implement Android notification channel in Oreo. What is the maximum number of notification channels for a single application. Can we create unlimited channels or it has some count?
As far as I know there is no limit on the number of channels an app can create. The only purpose of NotificationChannel is to give more control of notification behavior to the user. It is no way to reduce the number of notification per app.
You can read about Notification Channel in detail at Create and Display Notification on Android Oreo | With Example
There is a limit that is not documented on the number of channels you can have at the same time, but no limit on how many times you can create a channel, as long as you have deleted other channels.
The file PreferencesHelper.java contains a limit that is currently set to 50.000
https://android.googlesource.com/platform/frameworks/base/+/refs/heads/master/services/core/java/com/android/server/notification/PreferencesHelper.java
And this is being used to restrict the creation of more channels when it goes over that limit, throwing the exception "Limit exceed; cannot create more channels"
Unfortunately that value is not publicly accessible, so any limit check you might want to implement will have to be hardcoded by yourself. My suggestion is to set your own limit to a number that you think starts being unreasonable, and when that is reached you run a check on your notification channels to figure out what is going on, and fix it. For example, if your app will never need more than 5 channels to be created, then setting the limit to 6 would be a good way to start.
The commit https://github.com/aosp-mirror/platform_frameworks_base/commit/f528b337dd48b7e8071269e07e610bd4a3668c75 update the max notification channel to 5.000
Coming with Android Oreo, Notification Channels are something a developer uses to break down the notifications his or her app can give to us by type. The channels are decided by the people doing the developing, and the idea is to give us a way to separate out the notifications that are important to us from the ones that aren't, then decide how they will be shown. Some apps will have a lot of different channels. Some will have just a few and some will have only one.
In versions of Android before O, a developer used what was called a priority level to decide how to show you a notification. If they felt the notification was important, they could set it to peek (show a visual indication on your screen) or make a sound, or both. If they felt it wasn't it would just be placed in the tray for you to see the next time you went through them.
Now they break things out into channels and we get to decide how each type of notification is displayed. All notifications of the same type (for example, a reply on your Twitter feed) are placed into the same channel without any other types of notification grouped with them.
As a bonus, apps that allow us to use more than one account can have channels for each combined — your personal email and work email can follow the same rules and show you things the same way no matter which accounts received the notification.
You should read this:
https://developer.android.com/guide/topics/ui/notifiers/notifications.html#ManageChannels
Example:

Wondering how to achieve this (sharing WP page via email and tracking it)

So the following which I'm writing is just to discuss whether something like this is even possible or if any of you would have any better ideas/suggestions or understanding how this might work. I thank anyone who takes time to read this in advance and I hope I don't explain myself too incoherently:
Let's say I have a page in WordPress which has a little bit of text and a video. Basicly I would like to share that page's link or I'd want to forward that page via e-mail to a certain group of people (let's say 10-50 specifically chosen people) and I want to track who of them opened the link and for how long they were on the page or watched the video.
I would like to make this happen in a way that I wouldn't have to make 50 different pages or 50 different URLs for each person (or 50 different tracking strings for that matter). Or that I wouldn't have to take a newsletter-mailer type page in between this process.
Basicly, I would like to make the sharing/forwarding and analytics overview process as easy as possible, so that an admin or moderator wouldn't have to check too many different pages to get the info.
I really appreciate any and all feedback.
[Also really sorry if I posted this in the wrong place. Please feel free to redirect me to a corresponding slot].
Technically, Google Analytics isn't meant to be used to track this specifically- it's typically meant to track groups of anonymized users. That being said, it is capable of doing this (but may not be as automated as you had hoped).
You are correct in thinking that you'd either need to duplicate the pages or create multiple different campaign URLs.
The other thing to keep in mind is that as emails are forwarded, there is no way to update the URL after the email has been sent, so if you email me and I forward it to someone else who clicks through, you're going to think someone else is me.
One way around this would be if you know your users IP addresses (not only is that a big "if", but it can also be spoofed), or some other uniquely identifying feature (any chance these people have signed-up through your website and have actual user IDs? That'd make things infinitely easier!).
Maybe you could customize the email to add their email address as a query string? That could still require a lot of work (and you couldn't just share a single link).
Now, you can not store personally identifiable info in GA (including IP and email addresses), but at the server-level you could assign a custom dimension with a uniquely generated ID and send that to GA. Now you've got all the info you need!
Unfortunately this method only works if you can detect some kind of "fingerprint" of your users.
Unfortunately what you described isn't quite what Google Analytics was designed to do. If you wanted to get into detailed user-specific tracking, I'd advise you look into a CRM. Those systems are designed specifically for user tracking as you described.
Hope that gets you pointed in the right direction.

RSS: Does it push signals out indicating new content?

Quick question:
When I'm in Google Reader, it will flash and pop up a new number of unread items indicating that a new article has just been published (typically <1 minute after the blog's "published date"). Does Google just constantly ping every blog I'm subscribed to, or does the RSS standard have some sort of "signal" that it puts out to subscribing agents when new content it put up?
Thanks for any clarification!
I'm currently running an app that is based on RSS feeds, but I have a cron job running hourly to scour the interwebs for new content, but I'd love to know more about how to solve the "I need realtime" problem without overstaying my API call welcome.
" Does Google just constantly ping every blog I'm subscribed to"
Yes.
"does the RSS standard have some sort of "signal" that it puts out"
No.
If you want real time information, contact the vendor and pay them to send you stuff. Seriously. If information has value, then timely information has more value. If you want it sooner, you have to pay to get it before the folks who are getting it for free.

Is there a reliable way to prevent cheating in a web based contest where anonymous users can vote?

I'm working on a web-based contest which is supposed to allow anonymous users to vote, but we want to prevent them from voting more than once. IP based limits can be bypassed with anonymous proxies, users can clear cookies, etc. It's possible to use a Silverlight application, which would have access to isolated storage, but users can still clear that.
I don't think it's possible to do this without some joker voting himself up with a bot or something. Got an idea?
The short answer is: no. The longer answer is: but you can make it arbitrarily difficult. What I would do:
Voting requires solving a captcha (to avoid as much as possible automated voting). To be even more effective I would recommend to have prepared multiple types of simple captchas (like "pick the photo with the cat", "what is 2+2", "type in the word", etc) and rotate them both by the time of the day and by IP, which should make automatic systems ineffective (ie if somebody using IP A creates a bot to solve the captcha, this will become useless the next day or if s/he distributes it onto other computers/uses proxies)
When filtering by IP you should be careful to consider situations where multiple hosts are behind one public IP (AFAIK AOL proxies all of their customers through a few IPs - so such a limitation would effectively ban AOL users). Also, many proxies send along headers pointing to the original IP (like X-Forwarded-For), so you can take a look at that too.
Finally, using something like FSO (Flash Shared Objects - "Flash cookies") is obscure enough for 99.99% of the people not to know about. Silverlight is even more obscure. To be even sneakier, you could buy an other domain and set the FSO from that domain (so, if the user is looking for FSO's set by your domain, they won't see any)
None of these methods is 100%, but hopefully combined they give you the level of assurance you need. If you want to take this a level higher, you need to add some kind of user registration (which can be as simple as asking a valid e-mail address when the vote occurs and sending a confirmation link to the given address and not counting the votes for which the link wasn't clicked - so it doesn't need to be a full-fledged "create an account with username / password / firs name / last name / etc").
No, you can't, and it only takes one person and a willing forum to change the outcome of an online vote.
You have to realize the inherent flaws of an online vote and rather than attempting to get around them try to use them to your advantage.
-Adam
You can certainly make it difficult.
What about building a user profile with such things as ip address, browser useragent, machine name, and whatever other information you can get.
Store the profile for each user, then if you receive a profile which is similar enough to one already in the database (you'll have to tweak that) you can throw out that vote.
I imagine you can probably build a better profile using silverlight, though I'm not sure what information that gives you access to.
Client-side solutions are out for the reasons you listed -- they can be manipulated by the user. Server-side solutions -- as you said -- can be fooled and bypassed.
If you're willing to accept the fact that you can't really be 100% sure that you're getting exactly one vote per person, then there are some measures you can take to reduce the noise.
Use a CAPTCHA in your vote-submission form to make it harder for bots and scripts to vote.
Limit the number of votes per IP address to one.
Consider requiring registration in order to vote. (I know this defeats part of your original question, but it gives you a greater degree of control over the voting.)
That's a good start.
my personal experience in contest developing and monitoring tells me that no, there is no reliable way to avoid cheating if you let anonymous users vote (or do anything that lets them participate in the contest).
you could play with IP, introduce delays between an action and the next, but it's really difficult: the best way is introduce a captcha or something similar, if applicable in your particular situation.
best of all, don't let anonymous users participate: let them "play" and access to a simulation, but the contest needs a login.
Nope, it's the user's computer and they're in control.
Unfortunately the only solution is to bring it back on your court so to speak and require authentication.
However, a CAPTCHA helps limit the votes to human users at least.
Of course even with authentication you can't enforce single voting because then they teach the bots to register...
I have to agree that the short answer is no...though if you look at my recent answer here: How to anonymously identify a user and store that information you certainly can get it within a 6 percent margin of error.

Resources