Comments (5)
yujuan
commented on April 20, 2024
The login process is actually logged in the user but not the app. Other people may know your app id, but they can not do anything to your app. they can not change your setting or anything.
from facebook-ios-sdk.
commented on April 20, 2024
Yeah I understand that the user gets logged in securely. My problem is that what prevents another developer from using my app id to access facebook?
For example, another developer could get my app id from the url, put it in their iPhone app, and use that to publish things to a user's stream that contained questionable content or foul language causing that user to report MY app. Since it is my app id, would I not be the one held responsible?
How do I keep that from happening if the only way for my app to identify itself with the api is a public piece of intormation?
from facebook-ios-sdk.
yujuan
commented on April 20, 2024
This is a very good point. But remember no matter we use app_id or api_key or app_secret, once it is shipped with the app, there is nothing can be secret. The user can always get this information by crack your app. So try to keep a secret that is shipped with client app is not really useful. Using the SDK, the stream publish is through our facebook dialog, when the app publish something to user's stream, the user would always be able to preview the content. Moreover, you are the admin of the app, you will always be the first contact if something happen.
from facebook-ios-sdk.
snichols
commented on April 20, 2024
I disagree with this, yujuan. What if the user has given the app unprompted publish permissions? There would be no popup then, would there?
This seems to be a terrible security flaw. All a programmer has to do is know my Application ID and they can assume my application's identity. Yikes!
from facebook-ios-sdk.
markltownsend
commented on April 20, 2024
That is somewhat true. I am able to call [facebook dialog:@"publish_stream" attachement:attachement delegate:self] without having given publish permission. All a user has to do is log in and then the post to wall dialog comes up and they hit publish and it's there on the wall.
from facebook-ios-sdk.
Related Issues (20)
- I installed iOS SDK version 16.0.3 using the Swift Package Manager process, but when I checked on the Facebook developer account, it showed version 0.3.1. HOT 1
- Wrong version in SPM Xcode 15.3, latest release 17.0.0 but SPM package declares 14.1.0 HOT 9
- I want to updating Facebook SDK to 17.0.0 bug it is fail ,please update to 17.0.0 HOT 5
- The accessToken generated by SDK 17.0.0 is Invalid: `Invalid OAuth access token - Cannot parse access token ` HOT 22
- Missing header for objective c FBSDKApplicationDelegate.h missing
- Can't use FBSDKLogin using Swift Package Manager HOT 4
- [iOS] `AppLinkUtility.fetchDeferredAppLink` returns nil url in completion
- Don't show 'isAdvertiserTrackingEnabled' deprecation warning below iOS 17 HOT 5
- iOS Facebook SDK lost session regularly HOT 1
- Facebook SDK(dynamic) Validation Failed in Unity
- Facebook Login doesn't open the App when Installed HOT 5
- App switches to limited login. HOT 10
- Facebook SDK automatic app events logging with StoreKit2 HOT 2
- Static Framework as a swift package
- Access Token Expiration error HOT 1
- Build error with FBAudienceNetwork.xcframework: Signature cannot be verified HOT 1
- ld: symbol(s) not found for architecture arm64 (Flutter) HOT 4
- iOS SDK API does not work even after performing all requested actions
- Privacy manifests only included in release 17.0.0 with breaking changes HOT 4
- Xcode15.3: After updating SDKv17.0.0 through SPM, an error occurred while running the project: dyld [5199]: Library not loaded: @ rpath/FBSDKCoreKit. framework/FBSDKCoreKit, unable to start the application HOT 12
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from facebook-ios-sdk.