REPORTING & ANALYTICS PROGRAM
With this program, beginning December 1, 2012, Sprint will combine Mobile Usage Information and Consumer Information to prepare business and marketing reports that we may share with others. You can be confident that your information will be aggregated so that you will not be personally identified. We may also share location information with other companies in a way that does not personally identify you. If you do not want us to use your customer information for this program, you can opt out anytime as described below.
I just got this email think ill be opting out of this for sure
Great post. Thanks. Where can we find opt out info?
First hit on google states:
If you do not want us to use your information for our Reporting & Analytics program described above, you may opt out by:
Calling 1-855-596-2397 from your mobile device, or
Visiting http://www.sprint.com/mychoices
Click to expand...
Click to collapse
I went to the URL, signed in, and had to opt out each individual line in my family plan.
Related
Hello!
I'm software developer from Russia, and made one very popular app in local market. Very soon I realized that I need an ability to give licensed version of app for my friends or reviewers or someone else.
Unfortunately AppHub doesn't provide such functionality(private distribution is pain in ass), so I created a webservice for myself.
After two days I realized that it may be useful for other developers, so here it is:
promo.g33k.ru (here I wanted to post url, but I can't due to low post count. You may find it in my profile->interests)
Now it has:
- JSON/SDK with RSA1024/SHA1 sign for additional security checks
- Binary SDK available
- Russian localization(if anyone cares ) (btw, if you can help translating to other language(s) or correct english misspellings - i will appreciate this).
Now this service works in beta mode.
So for developers I have two questions:
1) Is such service useful for you?
2) How to develop it further, in which way?
Not yet clear
I am sorry, but after reading your post and also checking your website I am still not sure what you offer. For me there is just not enough information to understand and then judge the usefulness of your service.
Maybe you could give a step-by-step scenario: Dev does this, then interested user does that, dev then this ...
Ok, I'll try to describe a little more details:
1) Developer wants to add capability of promo codes in his app(to give some specific users full licensed app).
The first problem is that developer need his own server for checking of promo code validity(hardcoding is not an option, of course).
2) So, Developer registers in my service, add his app's guid to his app list and create a promo code for specific app via web.
3) Developer adds support for promo codes in his app by:
a) adding an text box for user to enter promode
b) adding a web request to specific URL for promocode activation
c) adding to his license check web request for checking is current user activated a promo code.
Benefits for developer:
- Add support for promo codes without owning a server.
- Simple way to give full version of program to friends
Benefits for users:
- User may found promo code for specific app somewhere and use it to get full version of app in simple manner.
Benefits for reviewers/portals:
- Developers can easily give promo code for reviewing purpose or as giveaway for news post.
Clear now
Thanks for the additional info, now it's clear
Well yes, sounds useful. Properly implemented is probably really easier than Microsoft's "closed beta" mechanism, and of course can be used for other, non-beta apps as well.
The icing on the cake would be a "frame application" as sample code that basically does nothing more than asking for a promo code and then check against the list of valid codes on your server.
Sounds intresting but how do you ensure security?
chabun, I thought about security and situation is same as with default checking for trial - there is no security Man-in-the-Middle and direct cracking of xap will work, and there is no way out. I could use RSA signing for MitM, but still cracking of xap is very easy option today, so no one really interested will try to use MitM. When WP8 SDK will be out(I believe it will be in several weeks) - some developers may implement trial checks in native code - this will be much harder to crack.
As for server part there are following possible problems
- App's ID squatting(same as domain, someone else could reserve developer's app's guid). Don't know yet what to do with this, may be think about it later when this happens?
- Promocode's for App ID bruteforce - could be easily avoided via server throttling, if this ever happens - i'll add such checks
- Server DDoS - every webmaster's nightmare, I hope this never happens(or my Amazon AWS will pour my purse empty
rbrunner7, nice idea, I'll add a sample app as soon as possible on site.
This looks like an interesting concept
Sent from my SGH-i917 using XDA Windows Phone 7 App
Yop, you can never avoid direct cracking... However, RSA signing would be good I'd say as it will avoid MitM - with MitM you could create simple tools which can be used by every noob outhere. Cracking xaps requires some skill and it will need an unlocked WP7 as well.
I can see this working i have been thinking about something similar also. You can encrypt the data on device before sending it off to the cloud, you can than verify the encrypted data with a password and compare it to the codes registered on the server. Than link a code to a certain device id (once the code becomes 'registered') if a certain code is already coupled to a deice id and the device is not the same than the app will jump back into trial mode. Otherwise one can use the paid mode.
This can defenetly work and will prevent reselling th codes. Although it requires a server. And users can still hack/patch the app ofcourse but that will require an unlocked device so I should not worry to much about it.
Also to prevent spoofing you can frequently check with the server if this device is legitetmately registered.
Marvin_S said:
I can see this working i have been thinking about something similar also. You can encrypt the data on device before sending it off to the cloud, you can than verify the encrypted data with a password and compare it to the codes registered on the server. Than link a code to a certain device id (once the code becomes 'registered') if a certain code is already coupled to a deice id and the device is not the same than the app will jump back into trial mode. Otherwise one can use the paid mode.
This can defenetly work and will prevent reselling th codes. Although it requires a server. And users can still hack/patch the app ofcourse but that will require an unlocked device so I should not worry to much about it.
Also to prevent spoofing you can frequently check with the server if this device is legitetmately registered.
Click to expand...
Click to collapse
That's what I thought of... private/public key
chabun, so, for example, how about following scenario:
for each developer server creates public/private key pair.
when checking license on server: if success server encodes userid with developer private key
when checking license in app: server response decoding via public key(hardcoded in app) and comparing to userId. if ok -> licensed.
You might want to ask @ngreader guys on twitter. They do have this concept implemented in their app.
diverofdark said:
chabun, so, for example, how about following scenario:
for each developer server creates public/private key pair.
when checking license on server: if success server encodes userid with developer private key
when checking license in app: server response decoding via public key(hardcoded in app) and comparing to userId. if ok -> licensed.
Click to expand...
Click to collapse
I'm not sure if it would be good to encode the request to the server as well but otherwise it sounds really cool now... I'll use this service when I need this (and tell my friends about it)
Here is one way to do it http://stackoverflow.com/questions/599837/how-to-generate-and-validate-a-software-license-key
wpxbox said:
Here is one way to do it http://stackoverflow.com/questions/599837/how-to-generate-and-validate-a-software-license-key
Click to expand...
Click to collapse
Well, what they suggest is not as good as diverofdark's service which is a lot more secure and still easy to use for the customers...
Greetings everyone!
Today I updated promo.g33k.ru, now it has:
- more detailed about page,
- SDK now includes RSA1024/SHA1 sign for additional security checks
- Binary SDK available
- Russian localization(if anyone cares ) (btw, if you can help translating to other language(s) or correct english misspellings - i will appreciate this).
- Many minor bugfixes.
So, from now this service works in beta mode
diverofdark said:
Greetings everyone!
Today I updated promo.g33k.ru, now it has:
- more detailed about page,
- SDK now includes RSA1024/SHA1 sign for additional security checks
- Binary SDK available
- Russian localization(if anyone cares ) (btw, if you can help translating to other language(s) or correct english misspellings - i will appreciate this).
- Many minor bugfixes.
So, from now this service works in beta mode
Click to expand...
Click to collapse
Thanks! I will check this out
Hey diverofdark
It would be nice if you update the first post in the thread with all information. That's the way it's usually done in the forum.
A possible user (here dev ) can read it and without having to browse the whole thread, he can use your promocode service...
Thanks for mentioning it, I updated the first post.
um I'm 16 and have no about the law or what any of this mean, can someone tell me if i need to do anything please...
Hello,
Google has received a subpoena seeking information related to Android
applications that may have been made available on alternative markets
without the consent of the developer. The subpoena seeks information
about those Android applications, including contact information for the
developers of the applications. Our records show that your Android
developer account will be included in the information Google will provide
in response to this subpoena.
Google is not in a position to provide you with legal advice or discuss
the substance of the process in our possession. For more information
about the subpoena, you may wish to contact the Federal Bureau of
Investigation -- Atlanta Field Office at (404) 679-9000, reference #
2011R00320/FBI/ORKIN.
Regards,
Google Legal Investigations Support
Click to expand...
Click to collapse
http://www.androidcentral.com/fbi-investigating-android-apps-gathering-developer-information-google
I'd start by contacting google.
thanks for the responses, i Skyped the FBI this morning in collage, they said they didn't want Google sending these emails out and not to worry about it XD
That just means the FBI wanted to do their investigations without anyone knowing, but Google blew the whistle.. why would you suddenly not worry about it if it worried you initially?
There are shady markets selling pirated apps w/o developer's permission. There's an investigation, and because you have a developer account you're being included in that.
Kookas said:
That just means the FBI wanted to do their investigations without anyone knowing, but Google blew the whistle.. why would you suddenly not worry about it if it worried you initially?
Click to expand...
Click to collapse
i was worried because i had no idea what it meant.
The strange thing about it is why would the FBI or any law enforcement agency want a secret subpoena for information about the *victim* of a crime they're investigating? EG, if Gucci shoes were being copied and sold, why would they get a secret subpoena against Gucci? Doesn't add up.
I am working on a web service and thought it might be of interest to Windows 8 app developers out there, who might find the service useful and could even help testing it and offer advice on how to improve.
The product (codename Myelin, currently in alpha) brings powerful user feedback tools directly into your mobile apps. With just a couple of lines of code, you can integrate functionality that not only allows users to send comments directly to the dev, but also to track any replies and provide additional follow-up after the first submission. No private information (such as email address or account name) is ever shared, and no registration is required. It just works directly from the app.
Coming in the future are even more exciting features that make meaningful communication between the dev and the end user simpler and faster.
On the backend we have a feedback management portal that allows to monitor incoming feedback efficiently and manage any required follow-up in a bugtracking-like approach (think support tickets).
We have recently rolled out a client (== app plugin) for Windows 8 HTML apps, and would welcome devs willing to take it for a spin and give us feedback. BTW, XAML support is coming in the future; if you'd be interested, let me know and this work may move further up the priority list. XAML version for C#\VB Win8 apps is also available.
The service is currently free while it's in active development. While there are plans to eventually take it commercial, we will in any event be very accomodating to our early adopters.
You can read more at https://www.tfp0.com/s/windows8. If you're interested in learning more, reply here, PM, or just go ahead and sign up over at the website (we have plenty of spots available) to see what we have going there.
Below is a collage of various screens that the plugin introduces in the form of settings flyouts.
<= clickable
Since I've seen some offline interest in a XAML-based version, I wanted to note here that we did in fact roll out a version of the plugin for XAML.
In addition, both versions (HTML and XAML) are now available through NuGet as Timefork.DyneinXaml and Timefork.DyneinHtml .
Short version: I programmed a Windows 8 Oauth app. I didn't know where to post this, but it's mostly done in javascript and HTML so I figured this forum might be best. If others have time, I'd really appreciate it if someone would audit my code. Due to the nature of the amount my request, I thought it would be best to post a link to the GitHub repo. If this is wrong, please correct me.
GitHub: https://github.com/mepis/Windows8OauthAuthenticator
Long Version: I use 2-step for a lot of my accounts. The problem is, I'm lazy. I don't feel like getting up to get my phone after I set it down at night. I wanted a metro Oauth app for Windows 8. I looked on the store, but didn't recognize any of the developers. Due to the nature of Oauth, I choose to err on the side of caution and not use the apps. I'm not saying that other devs aren't well intentioned and good devs. I'm just saying that it's a better idea in the name of security that I not use the apps if I can't verify anything. So I decided to write my own.
That leaves another issue though. Due to the nature of Oauth, the token device shouldn't be on the same device you're putting passwords in. I'm choosing to ignore this a bit. I do recognize that tokens shouldn't be stored in plain text though in the Windows storage space. Instead, I push and pull the token from the Windows Credential Manager and the password vault.
I was thinking of running the tokens, labels, and account names through an AES algorithm and then storing that information in the credential manager. This would require a user password on opening the app though. I'm not sure I want to go that route yet, though it would be easily implemented later on.
The mission of this app is simple. I want to offer an Oauth app that is open source and able to be audited by the general public. I want others to have access to a free tool that they can trust and review. I will never charge for this app nor ask for donations. It's also posted under the GNU version 3 license.
At some point, I am thinking about porting this app to Windows Phone.
I'm very much a amateur developer though. I was hoping that others could audit my app, offer suggestions, and point out mistakes. I very much appreciate any help or time that any person is willing to offer.
While you may well get some takers, and some of them might even know what they're doing, you realize you're asking for something that is usually done by people who do this stuff professionally for hundreds of dollars per hour, right? It's like writing up a legal contract and posting it online and saying "do you think this will hold up in court?"
OK, training to be a security engineer doesn't take as long as training to be a lawyer. But there's *more* lawyers than there are security engineers, and our time is very much in demand (yes, I'm a security engineer; no, I will not audit your code for free unless I expect to have a use for it personally).
I'm not even sure what you mean by "OAuth app". OAuth is a standardized protocol (v2.0, RFC 6749, is more accurately described as a framework) for delegated authentication. For example, you've seen how a lot of web sites let you sign in using your Facebook account? That's because they use Facebook as an OAuth provider. The website delegates the responsibility of authenticating users to Facebook, which is handy for them because they don't have to handle passwords and so forth, handy for the user because many users already have FB accounts, and handy for FB because they gain information about what kinds of sites you visit and can use that to target ads. It also has downsides, of course; the OAuth client (web site) has to trust that FB knows what they're doing and to remain available, the user gives FB info they might not want FB to have and also ends up essentially re-using passwords across sites (a bad idea), and FB bears the cost and responsibility of managing all those logins.
Now, to make any authentication scheme (including but not limited to OAuth) stronger, you can multi-factor authentication (sometimes called two-factor auth or 2FA). The most common way of doing that is using Time-based One Time Password (TOTP, standardized as RFC 6238) security tokens, either in small hardware devices or in mobile apps. Is that what this is supposed to be? Because... that has nothing to do with OAuth.
I have a hard time imagining a situation in which I'd use a TOTP generator written by somebody who didn't know the difference between TOTP and OAuth.
Well, your response thus far has been excellent (I'm not being sarcastic). I need to read more about Oauth then. I must have my definitions and understanding a bit confused.
In actuality, to phrase it better, the application would be a TOTP app then - like Google Authenticator. I used Javascript provided by Google for the TOTP generation. The app itself is rather simple. My biggest concern though is the safety of the tokens. I used Windows Credential Manager to store the tokens on the device. I couldn't find much information about the security of Windows Credential Manager though. That's my biggest concern.
Other than that, thanks for the information. I'm going to do some more reading.
For what it's worth (and without having read your code), it sounds like you're doing OK; TOTP generators are not complex by themselves, and usually the only threat to them is in the secret storage (which you're addressing). Of course, most of them offer things like QR code scanning (as a way to load secrets more easily) and I don't know if you have anything like that or whether there are any security pitfalls there.
PREMISE
see mockup attachment. fyi, some minor details are left out to protect the premise.
the purpose of the app is to create a countdown clock. and we intend to have different sponsors.
FRONT-END REQUIREMENTS
when the clock expires, it will have beep and vibrate.
to make money, when someone brings up the app on their phone, they would see a coupon from a sponsor company. and upon the launch screen, if the person likes the coupon, they can request to have it e-mailed to them. there's two options to have at this point. a) the app sends me (the app business owner) an e-mail confirming that this individual has requested this coupon. and I'll e-mail it to them whenever I get a chance [but this could get messy if there is a ton of users] b) the app somehow automatically send an e-mail right then and there to the individual [this could be a Day 2 project].
regardless of whether or not the visitor has requested the coupon e-mailed to them, when they click the "ENTER APP" button, they should be transferred to the APP SCREEN.
BACK-END REQUIREMENTS
a. we will NOT store any customer data or e-mails or anything else. we will simply generate a one-time e-mail to that address and that's it.
b. we would like to track a) how many downloads so we can tell potential sponsors b) how often people use the app and how long it's open on their phone for.
c. needs to work on android, IOS and windows phones. we do not care about tablets or computers. smart phones users will be 99% of our audience.
d. we need some sort of back-end or web interface where I can enter in new sponsor names, logos and coupons.
QUESTIONS
1. I'm not going to learn to build this myself. i have no knowledge of how to build one and don't have the time to learn. i plan to hire an overseas freelancer through odesk.com. what program should I ask they use to build this? I've heard terms like swift, xcode, ruby on rails, twitter bootstrap, etc… ideally, is there one go-to popular program that creates a cross-platform compatible app? my fear is that if I have to drop a programmer in the middle of the project and pick up another, will the new person be able to pickup where the last guy left off?
2. how would I go about changing the coupons? and changing the sponsor banner ads? would there need to be some sort of web interface? would I need to purchase a website and hosting account and have some functionality built there? is there some dashboard somewhere else?
3. how big scale a project is this? roughly how many hours should this take a COMPETENT app developer? seems to me like one of the most basic apps you could build but what do I know.
4. at what point does an app get submitted to google play? apple store? windows whatever they have? or do I even need those entities or could I just let people somehow download it from a website? if so, what would I be missing out by not getting it listed under those marketplaces?
5. anything else I have not thought about that I should be aware of?
please advise. thanks in advance!!!
sixrfan said:
PREMISE
see mockup attachment. fyi, some minor details are left out to protect the premise.
the purpose of the app is to create a countdown clock. and we intend to have different sponsors.
FRONT-END REQUIREMENTS
when the clock expires, it will have beep and vibrate.
to make money, when someone brings up the app on their phone, they would see a coupon from a sponsor company. and upon the launch screen, if the person likes the coupon, they can request to have it e-mailed to them. there's two options to have at this point. a) the app sends me (the app business owner) an e-mail confirming that this individual has requested this coupon. and I'll e-mail it to them whenever I get a chance [but this could get messy if there is a ton of users] b) the app somehow automatically send an e-mail right then and there to the individual [this could be a Day 2 project].
regardless of whether or not the visitor has requested the coupon e-mailed to them, when they click the "ENTER APP" button, they should be transferred to the APP SCREEN.
BACK-END REQUIREMENTS
a. we will NOT store any customer data or e-mails or anything else. we will simply generate a one-time e-mail to that address and that's it.
b. we would like to track a) how many downloads so we can tell potential sponsors b) how often people use the app and how long it's open on their phone for.
c. needs to work on android, IOS and windows phones. we do not care about tablets or computers. smart phones users will be 99% of our audience.
d. we need some sort of back-end or web interface where I can enter in new sponsor names, logos and coupons.
QUESTIONS
1. I'm not going to learn to build this myself. i have no knowledge of how to build one and don't have the time to learn. i plan to hire an overseas freelancer through odesk.com. what program should I ask they use to build this? I've heard terms like swift, xcode, ruby on rails, twitter bootstrap, etc… ideally, is there one go-to popular program that creates a cross-platform compatible app? my fear is that if I have to drop a programmer in the middle of the project and pick up another, will the new person be able to pickup where the last guy left off?
2. how would I go about changing the coupons? and changing the sponsor banner ads? would there need to be some sort of web interface? would I need to purchase a website and hosting account and have some functionality built there? is there some dashboard somewhere else?
3. how big scale a project is this? roughly how many hours should this take a COMPETENT app developer? seems to me like one of the most basic apps you could build but what do I know.
4. at what point does an app get submitted to google play? apple store? windows whatever they have? or do I even need those entities or could I just let people somehow download it from a website? if so, what would I be missing out by not getting it listed under those marketplaces?
5. anything else I have not thought about that I should be aware of?
please advise. thanks in advance!!!
Click to expand...
Click to collapse
Hi i have read your long query,The app which you described and checking out the mockups seems to be pretty less complicated and i will give you some answers for it.
1) The best thing to do is make an app in popular cross platform frameworks better use html5 frameworks such a sencha touch,jquery mobile etc with phonegap. Look for developers in this category.
2)Changing the banner ads and coupons is simple.Just host that in your server,app will load those ads and banners whens it loads for the first time ,we can refresh the content later by periodic service calls
3) its a small scale project .Just building the app alone will take atmost 30 hours including creating for 3 platforms and excluding testing.
4) its always better to upload the apps their respecttive stores.Apple wont allow apps to sideload fro other sources.For getting listed on those stores you need to get developer licenses 100$ for apple store,25$ for google play store etc
5)Just be aware that the app should work on all ost of the devices ,gives timely updates etc
also you can track the number of downloads from the respective stores,also you can include some analaytic sdk like flurry etc to get the details like "how often people use the app and how long it's open on their phone for".
i am an Cross platform app developer.If you are interested we can talk in Pm. hope i helped