I have made an android application that enables advertisers to count the posts each one of their followers/followings have liked. this way they'll be able to understand which one of them is more active and which one is not, I also have added another feature for sending like requests to the followers/followings by leaving a like on their most recent post and leaving a comment that tells them "I liked your posts come and like my posts".
I registered a submission and explained everything as they wanted, but they declined my submission :(
Now my question is How should I explain it for them or WHAT CHANGES should I apply to my application so they approve it.
This is their answer:
General issues:
Invalid Use Case: The use case described in your submission notes,
screencast and website is not a valid use case. If you are trying to
build analytics for personal use or one-off projects, note that we do
not support one-off and single use projects. We recommend that you use
a third-party platform that powers this use case. If you are building
a platform for this use case, we will only approve one client ID for
all your integrations. For more information, please see:
https://www.instagram.com/developer/review/ Policy Violation ("Like",
"Follow", "Comment" Exchange Program): Your app shouldn't participate,
enable or promote any “like”, “share”, “comment” or “follower”
exchange programs. In working to build a high quality platform
experience, we ask that you comply with our Platform Policy
(http://wwww.instagram.com/about/legal/terms/api/).
I have to say my application is not a ONE-OFF application, as the number of liked posts vary from time to time, so the user will check this application almost every day.
I also have added another feature for sending like requests to the
followers/followings by leaving a like on their most recent post and
leaving a comment that tells them "I liked your posts come and like my
posts".
This is against the API policy:
Your app shouldn't participate, enable or promote any “like”, “share”,
“comment” or “follower” exchange programs.
Related
I recently asked this question and user's #DalmTo and #Sergio NH they gave me an exhaustive answer for which I thank them very much.
Moving forward to question, we started publishing the application, and its verification was not required, since no scope was added (here it is a little unclear why the requests worked in an application with a test mode in which these scope were not added (google drive, google sheet and google ads)).
However, this time the application in the "In Production" mode began to give us an "Unverified app screen" (see Unverified app screen). We decided that we still need to add scope to the list, and, of course, that the scope list (their list is described above) requires verification by Google.
We started filling in the necessary fields, while studying the Google documentation at the same time, and came across the following information (see block Verification process -> What are the requirements for verification?):
Apps not applicable for verification
Apps for internal use only
(single domain use) Apps for personal use only Apps that are Gmail
SMTP plugins for WordPress Apps that are in development or
staging/testing
Apps for personal use only
And this is just our case: we have already received permission from Google Ads and are just generating simple reports that we want to integrate with Google Sheet. I.e., this is an elementary script that works within this account (however, we still need to request the first concert screen, even for this developer account) and cannot be distributed to any other accounts.
But when adding our scope, Google requires us to pass verification, forcing us to fill in the required fields, in the form of domains and their verification via the Search Console (we have already done this and this stage does not cause difficulties) and links to Youtube videos - where we must show how scope is used.
And just this stage is not clear. We do not allow other people's accounts to connect to this application, and the software does not have any interface, it is just a script that receives data from Google Ads and saves it to Google Sheet (creating a file via Google Drive). We have described all this in the scope usage description field. But the link to the Youtube video is require field, and we sincerely do not understand why (considering our case) we should record something, and most importantly, what exactly we should record in this case. If the documentation itself says that in our case we do not even need a verification.
Maybe we did not understand something and now we are doing it wrong? We will be glad to receive any tips from experts working with Google Cloud Console and apologize in advance for broken English.
We also apologize in advance to the StackOverflow community that we have to publish such elementary (which we are absolutely sure of from our side) questions here. We come here from Google Cloud Console - > Support - > Community support, and we must first try to publish posts in the Google Groups specified there, but they simply do not answer us, apparently considering our questions too elementary and not worthy of attention (however, these same questions in Google Groups are moderated) (for example, the previous question). And we are no longer able to contact any other support. Once again, we apologize for having to ask about this here.
It is true that if your app is a single use app then you do not need to be verified.
However if you don't get your app verified then there will be some restrictions.
you will see the unverified app screen
your refresh tokens will probably only be good for two weeks.
In the case of the YouTube api uploaded videos will be suck private.
If you can live with those points then you don't need to verify your app and you can continue as is.
If on the other hand you don't want to see the unverified app screen and you want a refresh token that will last longer then two weeks. You will need to verify your app. Yes, Even if your app is a console application running as a job some where you still show the consent screen. This is the YouTube video you will need to show Google. Show the consent screen popping up show the URL bar and then show your script running. You also need to set up the homepage and privacy policy screens. Yes i 100% agree with you that this is silly.
When you go though the process. Explain to google that this is a single use script running as a job some where.
Unfortunately when Google changed it so that Refresh tokens expire for unverified apps they pretty much tied the hands of all developers who are running such single user scripts. We now have to get our apps verified if we don't want to have to request a new refresh token every two weeks.
If your program needs to access the requested scopes of the Google account privacy, even though the user is yourself, you also need to provide a youtube video to demonstrate how you use this program. The auditor cannot guarantee whether you will make this program public.
I am wanting to pull all users in my company dropbox and then check to see if their accounts have MFA enabled. I read over the documentation for Dropbox api but did not see anything stand out where this was possible.
It's very sad to realize that a popular platform such as Dropbox doesn't expose A LOT of basic features through its API (and the SDK itself is far from being OK, compared to G-Suite). Anyway, there are two hacky methods you can use in order to pull out that information (with some limitations).
First method:
By analyzing the team events using team_members_list() you can filter out tfa_change_status_details events. When new_value=TfaConfiguration('[sms|other]', None) is specified - 2FA is enabled.
The information I found out that can be retrieved using this method is:
has_2fa - whether 2FA was ever configured.
is_tfa_enabled - whether 2FA is currently enabled.
tfa_type - whether 2FA is by SMS or by app.
However, keep in mind that you have to track changes constantly and also keep in mind that Dropbox saves team events for only two years.
Second method:
Using the front-end dashboard API this information can be retrieved (I can't remember the API name, I think that it is /2/get_multifactor and inside you'd find some information about its status and the organizational policy regarding 2FA). However, to use the front-end dashboard API (which is totally undocumented) you'd need to simulate a successful login (and correctly use the lid and jar cookies) and you'd also need to bypass the random captcha that appears when you abuse the service with too many requests.
To be honest, Dropbox's API is weak, neglected, and ugly. I wish I never had to use it. Anyway, I would recommend using the first method and pray for a significant update to the API
No, unfortunately the Dropbox API doesn't expose this. We'll consider it a feature request.
There's a feature request open for this one (https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/MFA-status-for-users/m-p/468564#M23886). But I wouldn't hold your breath, as #Aviv mentioned the Dropbox API seems surprisingly neglected at the moment.
So, I stepped once at this problem. I had offered a website that used the SoundCloud API. Everything worked properly. Content was extracted from the JSON and placed in the layout of the website. However, I received an email one day from the owner of the website, which indicated that the website did not work properly. I then came out to investigate and came to the conclusion that the "problem" was not on my side, but at SoundCloud's side. I studied on the API page of SoundCloud and came to the conclusion that the API had received a major update, making the link with SC and the site no longer worked.
Lately I'm trying many new APIs to, including those from Instagram and Dribbble. I was therefore wondering if it is at all possible to ensure that such problems can be reduced in the future or it might be appropriate API pages of this third-party APIs to monitor?
There's no "right" answer. After many years of using and maintaining many APIs here are some of the conclusions I've come to:
The best providers let you work with a specific version of their API whose interface and expected behavior never changes. They might release bug fixes and new endpoints, but you can be confident that as long as the API is supported it will not break your system.
A good provider will provide an end-of-life date for each version of their API. It's up to you to keep track of when you need to update.
Paid services will often be supported longer than free services. Plus the contract / SLA will guarantee it remains available for a specific amount of time.
The most popular APIs often have mailing lists and/or blogs. For those that offer it, sign up to be notified of updates. For those that don't you'll have to monitor their blogs or news posts. And I suggest not using any service that would drop support for an API version without warning.
When installing the latest intellij, I was reading the privacy policy and came across this:
We use third party service providers as discussed in this section. We also use third party service providers in other circumstances; a complete list of the reasons in which we use third party service providers can be found here.
The word "here" links to this page, which as of this writing contains only a list of links to other privacy policies, and NO information about how these 3rd parties are used or what data is shared with them (despite the text in the policy itself claiming the page contains this information).
Does anyone know HOW and WHEN the following services (copied from the above wiki page in case it changes) are used by Intellij?
Survey Gizmo
Statwing
QuickTap Survey
Facebook
Google
Microsoft
LinkedIn
Yandex
Twitter
Adyen
Crazy Egg
The survey ones are fairly obvious what's probably going on, but what data, is shared and under what circumstances with some of the others could be important. In some cases folks might be working on projects meant to be kept secret, or might have personal or ethical reasons to avoid having a presence on some of those services. Without knowledge of which features send data to these providers, and what data is sent it's hard to agree to the policy.
One might also argue that the failure to specify as claimed in the policy means they don't get to send any data, but nobody wants to bother with that legal mess... particularly since they could change their wiki after the fact, and then one has to prove what it said at the time etc. The alternate argument is that the lack of specification implies they might share any and all data...
Does anyone know of better information about how Intellij uses these providers? Googling just got me lots of links on how to install Facebook SDK etc...
The privacy policy page shows links to the privacy policies of services used by the JetBrains Web site, marketing activities etc. As of version 2016.2 and all earlier versions, IntelliJ IDEA does not connect to any of those services, or send any data to them, from the product itself. I (a member of the JetBrains management team) am also not aware of any plans to start doing so in the future.
(Note that third-party plugins not developed by JetBrains do sometimes use those services.)
None of our downloadable IDE's or tools send back any sort of confidential information at all. The only information that is sent is anonymous usage data and ONLY with the consent of the user. Even accepting the Privacy Policy does not imply you have to send back data. It's completely opt-in.
Beyond that, the only other information sent is performance data, exceptions and other information which again requires explicit user action and consent.
The Privacy Policy covers every software and service we provide at JetBrains, including but not limited to our installable tools, services, our web sites, surveys we may run etc. The services you mention are all related to our web site, e-shop, social media promotions, any advertising campaign and/or any surveys we may run. Our tools do not use any of those services.
Concurring with my colleague Dmitri, we do not however control what individual plugins may or may not do.
We do appreciate your feedback however and we will take steps to make it clearer on the page.
In particular I'm interested in the possibility of getting an App Access Token with no expiration time, exactly as I do with Facebook.
I want to publish on behalf of the user via server, and I found very useful and convenient the Facebook's procedure in which we ask for the user permissions only the first time.
I have been working with this kind of social-networks interaction for merely three weeks, so I will be very happy to hear any type of suggestions or critics.
Google+ does not currently have a public write API. There are selected partners that they work with (such as HootSuite) that provide this feature, but they are making access to it available very slowly. See https://developers.google.com/+/api/pages-signup for further details.
Google+ does have a concept of Moments, which are activities that happen in your app that are reported to Google+ and which the user may later wish to share, or may make available to people in their circles on a limited non-notification basis. This is probably not what you want, but may serve some needs. See https://developers.google.com/+/api/latest/moments for more info and examples how to use it.
Simply, No there is no way to do that in Google+ in current time. In general, apps for Google plus is read only.