Is there a way to disable collecting user signature when a deep-link is clicked? There is an opt-out via browser (do-not-track) but can we programmatically disable this behavior to prevent (arguably) sensitive information being collected when it's not relevant to the use case?
Alex from Branch here:
Without knowing exactly what sort of ‘user signature’ you are referring to here, this is tough to answer. We do collect certain data about the user’s device in order power the deep linking platform, and you can read about how this is used in our Privacy Policy. Branch of course does follow all relevant requirements from Apple and Google regarding use of private/sensitive user data, and any individual user may visit this page to opt out of all tracking and collection on the Branch platform: http://branch.app.link/optout
Related
when I’m in a sentry issue description page I can see some information collected by the sentry service and I’d like to avoid collecting them to avoid privacy issues.
The information that I’d like to not see are: app.device and user id as you can see here:
Is it possible? I’m concern about new apple privacy restrictions. I don't know if I understood them correctly, but it is necessary to explain to the user, using a pop up or something similar, that the app is using a third party software to collect data about "app crashing" and "app performance". Giving to the user the possibility to choose to not collect those data would bring to developers a lot of headaches.
I searched in all project settings and documentation but I found only a way to hide certain tags/data but the point is not hiding information, but not collecting them at all.
Thanks
The 'user.id' that Sentry creates is not an identifier that can be used to track the user across apps or devices. It's a random id created when the app runs for the first time and it's sent with all errors that happens.
The sole goal of this ID is to give the developer an idea of how many different users are affected by an issue. The developer (owner of the app) doesn't know exactly who the user is and if that same users reinstalls the app, a new id is generated so technically Sentry would report all new errors as a new user. Which is fine given the goal is to give an approximation of impact of an issue.
Developers might focus on issues that affect more customer than not.
That said, you can strip data in many ways. Through the SDK or in Sentry itself.
If you drop data in Sentry, that is done before the event is written to disk.
Sentry's documentation talks about Scrubbing Sensitive Data here.
Doing it on the SDK side, for example for React Native, you could do:
Sentry.init({
dsn: "https://examplePublicKey#o0.ingest.sentry.io/0",
beforeSend(event) {
// Modify the event here
if (event.user) {
// Don't send user id
delete event.user.id;
}
return event;
},
});
There's also a page talking about Data Privacy in the context of Google and Apple:
https://docs.sentry.io/product/security/mobile-privacy/
On the submission properties tab on my UWP application, I cannot select "No" for the "Does this product access, collect, or transmit personal information (data that could be used to identify a person)?" question.
It is saying "Based on the capabilities your submission declares, a privacy policy URL is required."
I have reviewed my capabilities (which is empty), and I am not using any personal information on my application.
If the internetCapability is enabled, you will be required to provide a privacy policy, as your app could theoretically send any personal data over the internet.
You can easily generate a privacy policy with a tool like this.
Although #Martin's response is technically correct, it's incomplete.
Because you are submitting a Desktop Bridge app (with runFullTrust capability) your app has access to essentially everything the user has access to, and thus internetClient is redundant (unless you also have UWP components like a background task). According to the Store product page, your app has access to "all system resources" so in your privacy policy you might want to mention more than just network usage - you could mention that you don't collect or use any personal data, won't read files or access the microphone or the camera or location etc. I don't believe that's required, but it might make customers feel better.
(Note that the Store text might change to something more descriptive in the future).
I am wanting to pull all users in my company dropbox and then check to see if their accounts have MFA enabled. I read over the documentation for Dropbox api but did not see anything stand out where this was possible.
It's very sad to realize that a popular platform such as Dropbox doesn't expose A LOT of basic features through its API (and the SDK itself is far from being OK, compared to G-Suite). Anyway, there are two hacky methods you can use in order to pull out that information (with some limitations).
First method:
By analyzing the team events using team_members_list() you can filter out tfa_change_status_details events. When new_value=TfaConfiguration('[sms|other]', None) is specified - 2FA is enabled.
The information I found out that can be retrieved using this method is:
has_2fa - whether 2FA was ever configured.
is_tfa_enabled - whether 2FA is currently enabled.
tfa_type - whether 2FA is by SMS or by app.
However, keep in mind that you have to track changes constantly and also keep in mind that Dropbox saves team events for only two years.
Second method:
Using the front-end dashboard API this information can be retrieved (I can't remember the API name, I think that it is /2/get_multifactor and inside you'd find some information about its status and the organizational policy regarding 2FA). However, to use the front-end dashboard API (which is totally undocumented) you'd need to simulate a successful login (and correctly use the lid and jar cookies) and you'd also need to bypass the random captcha that appears when you abuse the service with too many requests.
To be honest, Dropbox's API is weak, neglected, and ugly. I wish I never had to use it. Anyway, I would recommend using the first method and pray for a significant update to the API
No, unfortunately the Dropbox API doesn't expose this. We'll consider it a feature request.
There's a feature request open for this one (https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/MFA-status-for-users/m-p/468564#M23886). But I wouldn't hold your breath, as #Aviv mentioned the Dropbox API seems surprisingly neglected at the moment.
I have made an android application that enables advertisers to count the posts each one of their followers/followings have liked. this way they'll be able to understand which one of them is more active and which one is not, I also have added another feature for sending like requests to the followers/followings by leaving a like on their most recent post and leaving a comment that tells them "I liked your posts come and like my posts".
I registered a submission and explained everything as they wanted, but they declined my submission :(
Now my question is How should I explain it for them or WHAT CHANGES should I apply to my application so they approve it.
This is their answer:
General issues:
Invalid Use Case: The use case described in your submission notes,
screencast and website is not a valid use case. If you are trying to
build analytics for personal use or one-off projects, note that we do
not support one-off and single use projects. We recommend that you use
a third-party platform that powers this use case. If you are building
a platform for this use case, we will only approve one client ID for
all your integrations. For more information, please see:
https://www.instagram.com/developer/review/ Policy Violation ("Like",
"Follow", "Comment" Exchange Program): Your app shouldn't participate,
enable or promote any “like”, “share”, “comment” or “follower”
exchange programs. In working to build a high quality platform
experience, we ask that you comply with our Platform Policy
(http://wwww.instagram.com/about/legal/terms/api/).
I have to say my application is not a ONE-OFF application, as the number of liked posts vary from time to time, so the user will check this application almost every day.
I also have added another feature for sending like requests to the
followers/followings by leaving a like on their most recent post and
leaving a comment that tells them "I liked your posts come and like my
posts".
This is against the API policy:
Your app shouldn't participate, enable or promote any “like”, “share”,
“comment” or “follower” exchange programs.
In particular I'm interested in the possibility of getting an App Access Token with no expiration time, exactly as I do with Facebook.
I want to publish on behalf of the user via server, and I found very useful and convenient the Facebook's procedure in which we ask for the user permissions only the first time.
I have been working with this kind of social-networks interaction for merely three weeks, so I will be very happy to hear any type of suggestions or critics.
Google+ does not currently have a public write API. There are selected partners that they work with (such as HootSuite) that provide this feature, but they are making access to it available very slowly. See https://developers.google.com/+/api/pages-signup for further details.
Google+ does have a concept of Moments, which are activities that happen in your app that are reported to Google+ and which the user may later wish to share, or may make available to people in their circles on a limited non-notification basis. This is probably not what you want, but may serve some needs. See https://developers.google.com/+/api/latest/moments for more info and examples how to use it.
Simply, No there is no way to do that in Google+ in current time. In general, apps for Google plus is read only.