Blocking spammers on an iOS app

Question

What are some reliable and efficient methods to block spammers or abusive users of an iOS app?

The iOS app allows for ecommerce and chat, but is trying to prevent the community from being overtaken by a Craigslist vibe, or allow fraudulent activities to occur.

Is it feasible to block a spammer or abusive user via IP address, especially since dynamic IP addresses are prevalent?

Is there any method to notify Apple about a spammer or an abusive user, to prevent them from downloading an app via iTunes after repeated violations?

score 3 · Answer 1 · answered Jan 13 '12 at 23:47

A few options:

1) Rely on the MAC address. For privacy reasons you shouldn't send the MAC address itself to your server, but a hash of it (preferably with some salt).

2) Create your own UUID using CFUUIDCreate(), and save that to your keychain. Keychain entries persist even after the app is uninstalled, and will still be there when it is re-installed. The user will have to reset his device to get rid of the entry.

3) Have your own email/password authentication system, in which case you can just revoke addresses. Preferably if you do this you should disallow domains such as mailinator.com.

4) Use OAUTH, IOS version 5 even has some built in support for using Twitter's credentials.

score 2 · Answer 2 · edited May 23 '17 at 11:51

2

you can generate a unique identifier for your application on a specific device by using CFUUIDCreate(). the only downside to this is that if the person uninstalls the app and re-installs it they'll get a new ID. if this is a problem, you could look into using the MAC address which is unique per device:

How can I programmatically get the MAC address of an iphone

edited May 23 '17 at 11:51

Community

1
1

answered Jan 13 '12 at 04:13

Mike K

2,227
1
12
6

Saving the uuid to the keychain will cause it not to be deleted on uninstall. – Danra Jan 14 '12 at 09:51

score 2 · Answer 3 · answered Jan 13 '12 at 23:35

It's still possible to get a unique device ID (UDID) by calling [[UIDevice currentDevice] uniqueIdentifier]. It's deprecated in iOS5 (deprecated means "will be removed in future", not "doesn't work or will get you rejected"), but it still works and for now is the easiest way to uniquely identify a device (you can also get the MAC address, which is trickier but nearly as good and not deprecated).

Once you have that, just blacklist spammers based on their UDID and block messages from them. You don't need to inform Apple, just ignore messages from their device - they aren't likely to go out and buy a new iPhone every time they want to spam you, so eventually they'll give up.

If that seems too harsh, or you're worried about them leaving negative feedback, you could operate a "3 strikes" principle with warnings, or block them for only a few hours at a time, etc.

Blocking spammers on an iOS app

3 Answers3