Do apps that access Gmail have only write-only access or full Gmail access (potential security risk?) - api

I use a backup app to back up SMS text messages to my Gmail account registered on my HTC Desire Z Android 2.3 phone.
The app requests access to the Gmail account. But what does this actually mean? Does it mean:
• the application has write-only access to the Gmail account - i.e. it can insert emails but not delete or adjust other existing emails (does the Android API provide for that?)
• the application has full access to the email, and could potentially delete emails if there was a bug

First off: this question doesn't seem to belong on Stack Overflow. This site is for asking specific questions about coding problems, not about how some code in some program based on some SDK on some device may or may not work.
If an application can access your Gmail account, as far as I know, this means full control, including deletion.
That doesn't have to mean there is actual code in the program that even tries to delete something, but I guess you're right: coding bugs could probably delete your email.
But that goes for a lot of applications: you trust the developer to test extensively before you rely on him/her to handle your photos, email, passwords etc. with care, right? :)

Related

Reviving email thread with Google Apps trust and Safety team

As a dev I have inherited a Google app that is not verified.
The app was left mid-way through the verification process, and the email thread mentioned on the OAuth consent screen section has long since been deleted (I have access to said admin email address, and it isn't there).
I have looked through Google help resources and Stack Overflow questions such as this:
Comply with domain verification requirements
But I can't seem to find a way to restart or resurrect this email conversation with Google having deleted the original thread. I don't really want to have to delete the existing app and create a new one as there are customers using it (as an unverified app).
Is there a way for me to have the verification emails resent, does anyone know?
For some additional context - I want to reopen the verification conversation to allow only enterprise accounts to use the app, as described here: https://support.google.com/cloud/answer/9110914#enterprise&zippy=%2Cmy-application-has-users-with-enterprise-accounts-from-another-google-workspace-domain-how-does-this-apply-to-my-google-workspace-or-cloud-identity-enterprise-accounts
Thanks in advance
My bad - you just have to go in and edit the app, make any change, and you are prompted that a new email will be sent.

Customize Firebase / Google Identity Platform Multifactor Authentication Confirmation Email

I have successfully and deceivingly easily added Firebase authentication for my web app. I've found during my work that it's actually just a wrapper over the Identity Platform product from GCP. I've found this out while working on adding two-factor authentication via phone for the app as well.
Everything works fine for the amount of complexity 2fa brings.
The problem I am now facing is that every time I enroll a user to the second factor, they get a horrendous automatically generated email which I just can't seem to understand where to change.
I know that transactional emails are a bit unwieldy in Firebase, so I fear the worst on customization, which is why I am asking:
Where do you change, or disable that email? I am already notifying the user their phone was validated and they just got the SMS on their phone, there is no need for another ugly notification.
That said, the documentation does say an email will be delivered upon running the multiFactoruser.enroll method, but not much else.
I've also found that the Identity Platform allows for programmatic enrollment via the admin SDK, which I guess is my next plan if the email cannot be disabled.
This seems straightforward enough, but I'm wondering if it will also send a validation SMS or whether that is simply it: if the user adds a wrong phone, they will then be locked out of their account.

I am working on a Google app with the Gmail API and my IP is getting flagged for "Unusual Activity". How do I request Google to whitelist an IP?

I am currently working on a Chrome Extension that uses the Gmail API to sync emails.
As I am testing, refreshing, changing code etc, I often get a message that Google has detected Unusual Activity from my IP address, causing the entire office to have to enter CAPTCHAS to do any Google searches.
Today I actually had my test email account locked for one hour because I was requesting email too often.
Does anyone know of a way to ask Google to whitelist a specific IP for development?
EDIT* If you are going to downvote my question, can you at least explain why? I would like to be a good netizen, but if you don't tell me what I am doing wrong you are part of the problem, not part of the solution.
As Google documents in their help article: "...we notify you about unusual account activity, such as sign-ins or password changes from unfamiliar locations and devices. You can review this activity and confirm whether or not you actually took the action."
https://support.google.com/accounts/answer/1144110?hl=en
You might also check this article about "How to Turn Off a Gmail IP Address Tracker" at http://smallbusiness.chron.com/turn-off-gmail-ip-address-tracker-51241.html.

API to create filter for free google app and gmail users

Is there a way to create a filter in Gmail programmatically for Gmail users as well as for free Google Apps accounts?
It seems that the e-mail settings API is only applicable for Google Apps for Business or Education accounts (http://support.google.com/a/bin/answer.py?hl=en&answer=60228).
Aayush.
I would like to know whether anybody knows the answer, because a good gmail filtering app is sorely needed for android users!
I looked everywhere and finally found this:
https://market.android.com/details?id=com.digitalchemy.springclean.gmail&rdid=com.digitalchemy.springclean.gmail&rdot=1#?enroll=yAb5pZ2MYWwmoft_rED3OYt6t0U%3D&purchaseButton=Dw2xBTSDPLCsKHcCnowBY0VcYUU%3D&addInstrument=NyJt6qfLAWzk-RVX01VtYp73FRg%3D
I don't like that it costs 3 dollars and uses 7megs of space. The source is closed, and I'm trying to guess how it does what it does.
This is the most recent link I've found as I try to make my own filtering app and service:
http://googlecode.blogspot.com/2010/03/oauth-access-to-imapsmtp-in-gmail.html
So, it appears that the API is (as you stated) for Business / Education accounts only, and Google doesn't support Sieve in their IMAP account - http://support.google.com/mail/bin/answer.py?hl=en&answer=78761
As I see it - your only option would be to create a custom IMAP client that creates & stores rules on your own server, and then manipulates the email locations "manually" - a rather taxing process if you ask me but doable :)
EDIT:
Here is a little tutorial using Zend_Mail for moving Gmail emails via IMAP:
http://www.devcha.com/2010/06/how-to-removemove-messages-using-zend.html

Account Strategies on New Social Enabled Sites

So I'm in the midst of creating a Facebook Connect enabled site. The site in question will leverage your social graph - as defined by your Facebook account - to do social things (what is really not important here). Here's the big question I have:
Are people still rolling their own authentication heuristic when using something like Facebook Connect? That is, are newer (FBConnect) sites today providing only FBConnect as an authentication strategy, or are they pairing it with other auth strategies (such as Google Auth, Open ID, etc)? What do you think is the best way to go? With Facebook having over 300,000,000 users now, is having 1 authentication strategy (FBConnect) enough? Or is it proper netiquette to provide users other means?
Some of the references I have been looking at today:
http://www.kenburbary.com/2009/08/five-reasons-companies-should-be-integrating-social-media-with-facebook-connect/
Increased Registration - Data from Facebook states that sites that use Facebook Connect as an alternate to account registration have seen a 30-300% increase in registration on their sites.
• Citysearch.com – Daily site registrations have tripled in the 4 months since Facebook Connect testing began
• Huffingtonpost.com – Since integrating with Facebook Connect, more than 33% of their new commenter registrations come through Facebook
• Cbsinsider.com – Over 85% of all new user registrations are coming from Facebook Connect
http://www.simtechnologies.net/facebook-connect-integration.php
"according to the current statistics using facebook connect increases 30-40% user traffic as compared to non-facebook connect websites."
http://wiki.developers.facebook.com/index.php/Connect/Authentication_and_Authorization
Our research has shown that sites that implement Facebook Connect see user registration rates increase by 30 - 200%.
No Need to Create Separate Accounts
In general, it's not a good practice to force a new user to create a separate account when registering on your site with Facebook Connect. You'll have the user's Facebook account information, and can create a unique identifier on your system for that user.
Just make sure you understand what Facebook user data you can store, or simply cache for 24 hours. See Storable Information for details.
If the user ever deactivates his or her Facebook account, you have a chance to contact the user to request the user create a new account on your site. When a user deactivates his or her account, we ping your account reclamation URL to notify you of the deactivation. Then Facebook sends the user an email regarding the deactivation. If the user has connected accounts with any Facebook Connect sites, and if your site has specified an account reclamation URL, the email will contain a section with your application logo, name, and reclamation link, in addition to an explanation about the link's purpose. For more information, see Reclaiming Accounts.
http://www.chrisbrogan.com/how-facebook-connect-points-the-way-towards-velvet-rope-networks/
The Drawbacks
Though there are advantages to using Facebook Connect for integration, there are some drawbacks, mostly from the marketer’s point of view. If you build out a social network project using Facebook Connect, Facebook gets all the information and you get none. You don’t get a database of users. You don’t get a way to message people participating in your event, except for “in stream,” the way everyone else is using the app. You don’t have any sense of demographics, nor any control abilities to block trolls or other unwanted types.
Crystal Beasley "All of the FB Connect sites we have built so far have incorporated "standard" accounts as well, even with the added complexity of supporting dual login methods."
There are still people who use MySpace (myself not included), and I know several people coming out of college who have completely deleted their FB accounts to get rid of information about them they don't want potential employers to find (I know, there are a lot easier ways of doing this). If there are people who for whatever reason do not want to have a FB account, at least give them the option of creating a private Google account.
Using ONLY Facebook as the register/login method seems pretty dangerous to me. Having a regular user management system, with Facebook Connect to speed up the process from a user perspective, is a good idea.
The problem is somewhere else:
If you really want to leverage the social graph, only Facebook brings "pure" data.
The graphs people build at e.g. MySpace aren't telling much about that person and its social env. - at Google neither.
If you are just heading for viral spreading, prefer the platforms that share the best (just Facebook again).