I know that iOS 4 and 5 do not allow the access of a user's phone number since its outside the sandbox of an application (if it needs to be accepted by apple).
I would like to know whether this has changed in iOS 7 - with permissions whether it can be accessed etc.
Thanks in advance.
No. Apple APIs do not provide access to this information. What's more, attempting to get this information without asking the user is generally considered a huge breach of privacy.
"For security reasons, iPhone OS restricts an application (including its preferences and data) to a unique location in the file system. This restriction is part of the security feature known as the application's "sandbox." The sandbox is a set of fine-grained controls limiting an application's access to files, preferences, network resources, hardware, and so on."
The device's phone number is not available within your application's container.
please find apple response in this link apple response
i found some thing interesting here this
thanks
Related
What considerations are needed when creating a web app that is intended to be used in an industrial plant setting for a company? My specific use case is an industrial facility with several different production plants that would each have its own device for the application interface.
How do companies enforce the usage of such apps on a monitor/tablet? For example, could I prevent them from using other stuff on the tablet?
Importantly, how would security work? They'd share a device. There may be multiple operators that use the app in a given shift. Would they all use the same authentication session (this is not preferable, as I'd like to uniquely identify the active user)? Obviously I could use standard username/passwords with token based sessions that expire, however, this leaves a lot of potential for account hijacking. Ideally, they'd be able to log on very quickly (PIN, perhaps?) and their session would end when they are done.
As long as there is internet connection, I would presume that there isn't much pro/con regarding the use of native applications versus web based or progressive web apps. Is this assumption correct?
What's the best way of identifying which device the application is being run on?
Is this a common thing to do in general? What other technologies are used to create software that obtains input from industrial operators?
--
Update - this is a good higher level consideration of the question at hand, however, it has become apparent why focused, specific questions are helpful. As such, I will follow up with questions that are specific.
Identifying the Area/Device a Web Application is Accessed On
Enforcing Specific Application Use on Tablets
Best Practices for Web App Authentication in Industrial Settings
I'm not able to answer everything in great detail but here are a few pointers. In the environment as you describe we usually see these two options. 1) you tell them what you need, internet, security, if they give you device and how it will be configured 2) they tell you exactly what you need to deliver.
I do not think you can 100% prevent them. We did it by providing the tablet( well laptops in our case) and the OS configuration took care of that, downside we had few devices to support. You seem to hint that there is always an internet connection so I guess you can collect all info about the system and send it back to you daily?
We were allowed to "tap" into their attendance SW and when you entered the facility you were able to use your 4 digit pin to log in if you were out of premisses you could not log in at all. I can imagine the following: you log in with your username and password - this does full verification, after that, you can use 4 digit pin to login for next n hours.
maybe, kinda, depends on what you are doing. Does the browser have all features you need? Our system needs multicast to perform really fast, so we have a native app
touched on this in 1. You could also use device enrolment process. You can also contractually force them that there will be only your software and it may invalidate support contract. It really depends on your creativity. My favourite( and it works - just tell them, there will only be installed my software and if not you will pay me double for support. I only saw one customer who installed some crap on the device when there were told not to
it really depends on what industry you are talking about, every industry is different. We almost always build a custom solution
The enforcement of the device/app usage depends on the customer, if the customer asked for help in the enforcement, then you can provide guide, training and workshops. If the customer serious about the enforcement then it will be a policy that's adapted by all the organization from top to down. Usually seniors will resist a workflow change more than juniors, so top management/executive should deal with that. Real life story: SAP team took 6 months to transform major newspaper workflow, during that few seniors got fired because they refuse to adapt the change.
Security shouldn't handicap the users, usually in industrial environment the network is isolated or at least restricted through VPN to connect multiple sites (plants in your case), regarding the active user: we usually provide guide/training/workshop for the users and inform them that using colleague account or device will prevent the system from tracking your accomplishment/tasks, so each user is responsible to make sure the active account/device is the one assigned to him/her.
It depends, with native you have more controls than web, but if the app is just doing monitoring then most of today apps use web for monitoring and the common way to receive input is REST APIs (even if the industrial devices doesn't support REST API, a middleware could be written to transform the output). If you need more depth about native vs web you need to ask new question with more details about the requirements.
Depends on the tech you are using (native or web), and things I mentioned in point 2: you can use whitelist of devices that's allowed to run the app. overall there are many best ways to track down the device.
How common in general? I think such information can only be achieved by survey, the world full of variations. And having something common not mean its safe or best, our industry keep changing at all levels. So to stay in the loop, we must keep learning and self-updating without reboot.
On the submission properties tab on my UWP application, I cannot select "No" for the "Does this product access, collect, or transmit personal information (data that could be used to identify a person)?" question.
It is saying "Based on the capabilities your submission declares, a privacy policy URL is required."
I have reviewed my capabilities (which is empty), and I am not using any personal information on my application.
If the internetCapability is enabled, you will be required to provide a privacy policy, as your app could theoretically send any personal data over the internet.
You can easily generate a privacy policy with a tool like this.
Although #Martin's response is technically correct, it's incomplete.
Because you are submitting a Desktop Bridge app (with runFullTrust capability) your app has access to essentially everything the user has access to, and thus internetClient is redundant (unless you also have UWP components like a background task). According to the Store product page, your app has access to "all system resources" so in your privacy policy you might want to mention more than just network usage - you could mention that you don't collect or use any personal data, won't read files or access the microphone or the camera or location etc. I don't believe that's required, but it might make customers feel better.
(Note that the Store text might change to something more descriptive in the future).
My app needs the 'always' location permission. Apple complicated location permission options if apps ask for 'always' directly, so I started asking for 'while using' and then 'always'. This gives the user a first dialog, for 'while using', with buttons of 'Don't Allow' and 'Allow', which is great. However, I'd like the next dialog to have these same buttons (assuming they allow 'while using'), and I was getting this before my upgrade to iOS 11 Beta 5 (I'm not sure - I might have skipped a couple betas).
With iOS 11 Beta 5, I see complicated button text (like 'While using the app' and 'Always' instead of 'Don't Allow'/'Allow') EVEN IF the 'while using' permission is already granted.
I want to give users the simpler options. I think users read these permission dialogs about as often as they read EULAs, and that if it's not a simple allow/don't allow, most will just pick a random option instead of reading, and my app won't have the permission it needs.
Is this possible with the latest iOS 11 Beta? And will it be possible in the final iOS 11? I thought this was what Apple was suggesting - here's some advice (from https://m.rover.io/wwdc-2017-update-significant-updates-to-location-permissions-coming-with-ios-11-41f96001f87f):
For those seeking always permission levels, Apple is now recommending a new permission flow which is essentially a two-phased approach. The first phase or initial onboarding, should only ask for ‘when in use’ permissions...
The dialog stays the same for iOS 11.
With requestWhenInUseAuthorization() iOS will present these options:
If the user allowed location access while in use and you later ask to always access location with requestAlwaysAuthorization(), iOS will present these options. You are already getting the benefit here that Don't Allow Any Access is not offered:
If you ask for requestAlwaysAuthorization() right away before asking for requestWhenInUseAuthorization(), iOS will present these options:
So solve your problem, it is advisable to not just request the iOS dialogs but prepare the user with your own pre-dialog. Only request the iOS dialogs when you are sure that the user will accept. This will lower the chances that a user denies access this time, but maybe would have allowed access in other circumstances. Once the user denies, you cannot request the iOS dialogs anymore.
On a general note:
I think users read these permission dialogs about as often as they
read EULAs
Frankly said, that should not be the fundamental assumption on which we develop app workflows and govern user privacy.
Tech companies and the public discourse are increasingly focusing on user privacy. Giving choices is clearly not enough, part of the job is educating users that granting their location 24/7 to some possibly unknown hobby developer or a company in a country with unknown data protection laws is not the same as clicking Yes on an EULA. Also legal changes require that sharing of such sensitive information as your live location cannot be hidden somewhere in an EULA but must be explicitly opted-in by the user.
Thankfully the efforts of companies like Apple ensure responsible access to user data for developers to build great features. This can only be done by giving the choice to the users through conspicuous prompts like the one you are referring to. Because the alternative could be no data sharing or higher hurdles by law.
Update March 2018
To emphasize on the point made above: The recent lack of trust in tech regarding data privacy (Facebook & Cambridge Analytica) confirmed how important is it to understand the responsibility that comes with personal data. The result will be more external regulation - and rightly so. The conclusion for designing data access permission workflows can only be to inform and educate users and to transparently disclose what data is used for what purpose and give an easy to access option to un-share / delete data.
Update May 2018
With the European Union's General Data Protection Regulation (GDPR) coming into effect, it also became mandatory that you need to communicate information about how you process personal data in a way that’s concise, transparent, intelligible, easily accessible and in clear and plain language.
Is it possible on iOS to access another app's file data? On Android, that seems possible according to following URL.
Sharing files/ installation directory between two apps
No, that is not possible.
All iOS apps are sandboxed (at least on non-jailbroken devices), and while keychain data can be shared (between Apps that share their Bundle Seed ID), doing the same for file-based data is currently not possible.
What you CAN do is pass data to other apps by exchanging them via a server or call a URL scheme that another app has registered. Apple says:
Using a URL-based syntax, you can access data from the Web, as well as
pass information to other installed applications, such as Mail,
iTunes, and YouTube. Your own application can declare a unique URL
scheme, allowing any application to collaborate and share data with
your app.
It depends on what kind of data. In fact, iOS apps may only share keychain data. From Apple's doc :
An app ID has two parts: the team ID followed by the bundle ID search
string. The team ID is a 10-character string generated by Apple. Each
development team is assigned a unique team ID used to identify all
your apps. The team ID allows you to share keychain data between apps.
Apps with the same team ID can share data, such as usernames and
passwords. A bundle ID search string is traditionally a
reverse-domain-name style string. It’s the string you use in Xcode as
the bundle ID.
I've never done this, but there must be many tutorials on how to do this.
It is not possible to access other app's data installed on any Apple device. It is restricted by apple.
Anyways you can try it on JailBreaked devices. These operations are handled by Apple Private API's. Which you cant access in regular devices.
If you get access to them/used in your application, apple will reject your application.
Is going through the Windows Shop within Windows 8 the only way to know about the apps that are currently available (and if an app idea is already taken)? I've seen Windows 8 app links like this one -
http://apps.microsoft.com/webpdp/en-in/app/bigflix/cd3aa73b-e60e-44b6-bbe9-6898050a3502
...but going to the root site throws a "403 - Forbidden: Access is denied" and a search for "Windows 8 Store" doesn't provide any useful results. I guess there will be something after the official Windows 8 launch but is there anything else I'm missing? As a developer, I would love to see a summary listing of apps that shows a brief description, its features and Capabilities used.
Unfortunately for us, Microsoft is not providing any such information regarding the Store apps. All we can do is glean a bit from here and there. Zdnet has mentioned the number of apps, for example.
Have a look here and here
This link in particular maybe of some use because it provides estimated app category breakdown.
I created site http://metrostorescanner.com/ to see what's new in apps for all countries (but you can also use country filter).
I found a file with a site map that you may be able to use for a listing of apps:
http://apps.microsoft.com/webpdp/sitemap/sitemap_1.xml
http://www.greatwindowsapps.com is a searchable directory on the web. It's not the entire Store, the content is filtered to remove poor quality apps. Disclosure: this is my site, so clearly I think that's an advantage :)
http://drunktester.azurewebsites.net/ is the full Store using the Australian content. He published the source code (https://github.com/VikingCode/DrunkStore) so you could set this up for any country if you wished.
Update - It is now possible to search for Windows Store & Windows Phone apps even from non-Windows 8 machines and also view apps by category from the official Microsoft websites.
As #mamata-dalal & #gyurisc have mentioned, there is currently no official Windows 8 app directory.
I came across the website Windows8Apps (though not perfect) that comes close to what I'm looking for.
Currently there is no other place than the Windows 8 Store is the only place, but I am sure soon there will be plenty of sites categorizing these apps.