0

I wonder how I can track a user nowadays without user account. From what I have seen, the best solution is to store an id into an SSKeychain. From this post: https://stackoverflow.com/a/21097282/3722523, the user stores the NSUUID in the keychain. Do you think Apple will validate my application with that solution?
If yes, if I have a database, can I store the NSUUID in my database?

Thank you.

Edit: For a purpose, I need to allow user to add only 1 pin on the Map per day. My app has a database, but I don't want to set user account for now. So I have to track the user, even if he unistalls and reinstalls the app.

Community
  • 1
  • 1
user3722523
  • 1,740
  • 2
  • 15
  • 27

2 Answers2

1

Using the keychain for something other than it's intended purpose will get your app rejected if Apple notices that you're doing it. The only question is whether or not they will notice, I don't know.

Since this also violates the user's privacy, there is some risk your developer account might also be deleted. Apple doesn't like it when App developers do violate user privacy. Apple has previously been very harsh with developers who do stuff like what you're proposing.

The correct method for tracking a user is to ask the user to enter a username or email address. Anything else is trying to dodge Apple's restrictions on what app developers are allowed to do.

You need to make it clear that a user is creating an account on your server, and you need to give the user control over that account. Also just because two devices are using the same keychain does not mean those devices are used by the same person — so it's definitely not correct to use keychain or anything related to iCloud.

You can use the identifierForVendor property on the UIDevice property to identify an individual device. If you want to link multiple devices to a single account, then you've got to let the user do that. There is no alternative, without risking app rejection. Apple specifically does not want developers to do that, although they have trouble enforcing this rule.

Also note that you're not allowed to use identifierForVendor for advertisements. It must never be shared with any advertisement system. There is a separate identifier for that, which the user can opt out of.

Abhi Beckert
  • 32,787
  • 12
  • 83
  • 110
  • Thank you for the answer. I heard the identifierForVendor is reset if the user unistalls and reinstalls the app – user3722523 Nov 23 '14 at 23:45
  • Correct. Apple intentionally provides no identifier that can track users in the way that you're requesting. That's by design. Attempts to circumvent that design are likely to run afoul of review. The fact that you get approved once does not provide any promise that you won't get rejected in the future (just as speeding without getting caught doesn't mean a cop won't pull you over). Many developers have encountered the "I was just doing a minor update and now I find out my entire approach is rejected." If you need to authenticate users, you need to create server accounts. – Rob Napier Nov 24 '14 at 01:05
  • Looks Like I will have to create user accounts. But I'm sure I will miss potential clients who will not want to create accounts – user3722523 Nov 24 '14 at 13:01
  • @user3722523 so make the account optional. If somebody only uses your app on one device, let them use it without an account. Use the identifierForVendor. – Abhi Beckert Nov 24 '14 at 22:04
0

What about using the iCloud KVS (key value store) to store some sort of setting that keeps track of the user's last pin? It would apply accross devices, but it could be circumvented relatively easily if the user has iCloud Documents and Data syncing turned off. It would be within Apple's guidelines, and it would probably work if your restriction isn't an absolute must.

It would persist between multiple installs, and it would also provide the benefit of preventing users from adding multiple pins through multiple devices.

wottle
  • 13,095
  • 4
  • 27
  • 68