Rollo62

Hi there, the new tracking requirements from Apple will soon be enforced into AppStore, so that apps might be rejected. Here more guiedelines. I would like to ask if someone already has experiences with this API, since its a little unclear what might fall under it. Since I'm afraid that his new API contains a lot of pitfalls, like always, to see unexpected rejections, would be good to clarify as early as possible. Its clear that, if you use any dedicated tracking system, personalized AD's, etc., that this IS tracking. What I'm thinking of, are all the corner cases that might fall under Apples restrictions as well. Sharing device location data or email lists with a data broker. What if device location is stored locally, and maybe sended my mail on-demand uf the user ? Is email a "data broker" ? What kind of company constitutes a data broker? Data brokers are defined by law in some jurisdictions. In general, a data broker is a company that regularly collects and sells, licenses, or otherwise discloses to third parties the personal information of particular end-users with whom the business does not have a direct relationship. What is a "data broker" in practice, is this also any private service that processes data for the user only, e.g. like travel route manager, or an apps error logging service ? Is any service that NOT discloses any data to 3rd parties OK then ? Sharing a list of emails, advertising IDs, or other IDs with a third-party advertising network that uses that information to retarget those users in other developers’ apps or to find similar users. What if sharing data with non-retargetting services, howto define and proof what is "retargetting" and whats not ? Placing a third-party SDK in your app that combines user data from your app with user data from other developers’ apps to target advertising or measure advertising efficiency, even if you don’t use the SDK for these purposes. For example, using an analytics SDK that repurposes the data it collects from your app to enable targeted advertising in other developers’ apps. What if you just need a personal login on a personal service, with no advertising taking place ? Developers are responsible for all code included in their app, including single sign-on (SSO) functionality provided by third parties. If the user will be subject to tracking as a result of SSO functionality included in your app, you must use the app tracking transparency prompt to obtain permission from that user first. Ok, and howto proof that an single-sign-on is used on my own server only, is a written declaration enough ? Are any 3rd party single-sign-in or OAuth-services still Ok, or not ? Can I use my own server, to proof no tracking takes place ? Can I fingerprint or use signals from the device to try to identify the device or a user? No. Per the Apple Developer Program License Agreement, you may not derive data from a device for the purpose of uniquely identifying it. Examples of user or device data include, but are not limited to: properties of a user’s web browser and its configuration, the user’s device and its configuration, the user’s location, or the user’s network connection. Apps that are found to be engaging in this practice, or that reference SDKs (including but not limited to Ad Networks, Attribution services and Analytics) that are, may be rejected from the App Store. Well, and what about app-generated GUUID's then, or any hash of user-provided data, like email ? In the meaning from above, all "generated", not "derived" data should be fine ? I hope that already some do's and don't could be shared.

See also here.

I doubt exactly that, but if you can bring an app to simulator and then to the AppStore, please let us know

Maybe that is interesting too https://webkit.org/tracking-prevention-policy/ https://webkit.org/blog/11529/introducing-private-click-measurement-pcm/

Thats what also Android required now, to have the "prominent disclosure" page, before touching anything. I think thats good behaviour in general, to let the user choose whats OK for him. Thats what I implemented now not only for Android, but also for iOS in same way. I think its a good policy to explain and let choose before use, even if this disclosure page might distract a lot of people. What I'm afraid of are the many unexpected side-effects of such a new API might bring, maybe unwanted crashes, exceptions or AppStore rejections. Better to explain what I would like to do: My apps may contact and register on my own hosted server, so that data protection is no issue, as no 3rd party is involved in the best case. Preferably on own hosted servers, not AWS or the like, because AWS could be seen as "tracking" if you think over-sensitive. With my hosting provider I have a data protection contract. I do not really want to track anything at all, but the definition of "tracking" depends on the point-of-view. Is sending data by user-confirmed EMail already "tracking" ? Is logging by single-sign-on into a server already "tracking" ? For the second I don't need any real privacy data from a person, but at least a unique ID, and it will be hard to secure without 2FA. With the tracking API Apple seems to restrict to take such unique ID from the Phones itself, so I ask myself: is as self-generated GUUID or hash OK then ? Apple provides a few examples, which of course should be restricted, but what about all those "harmless" apps, that only need to contact their servers for various, non-personal data. Lets take for example a simple shopping list, which is hosted on a central server, all data only for one user, anonymous user, no data processing, no data sharing, no data analysis. Just for one user to share his own data on his several devices, is that already considered as "tracking" ? Would be using a 3rd party OAuth-server, like Google/Facebook, already be considered as "tracking" ? Where does it start, where does it end ? If Apples view of "tracking" only has to do with restricting unwanted AD's, then I'm fine. But if this is getting too strict, then it starts getting problematic. I mean you can drill this topic always to the extreme, and I knew Apple for doing so very likely

Yes, but its offers pay-as-you go 1$ / h. If you are able to align your work, mainly working and testing under Windows, so that you just use it as a final build test approval, it could be worth it. But it would be much better to check out for some used hardware ... Using a simulator for iOS is not my recommendation anyway. Check out the platform status of Firemonkey, this only supports older simulators anyway, so it will be hard to work with them only. This cannot reflect the real behaviour of an iPhone, and you will see many issues when moving a running app in simulator to a real device. In that stage, with a final app, finding any failures is close to zero. If you need just pure and simple TForm/Button/Edit/Memo/... designs, and never use anything special from the iOS hardware/permissions/etc., it could be possible in the simulator. If your goal is not to put a productive app on a real device or in the AppStore, just for checking out iOS, OK maybe.

Yes, of course. I think all major hackers put russian and chinese Unicode strings in their code, but in reality they live in in San Francisco, Redmont and Cupertino But jokes aside, why don't you look into the sources, to find something suspicious ? Hackers are usually very eager to leave their tags anywhere.

@david_navigator That came to my mind first as well, but I never tried that out. I use VM's on a real Mac. From my "Apple-Experiences" I would expect such Hackintosh should be limited in so many ways, that it will be hard to make real work with it.

Correct, those were the rights Moses gave them, carved in stone But whats unclear a bit is, what means "tracking" for them, and whats not.

https://www.macincloud.com/

Hi there, this is maybe interesting for one or the other.

Maybe additional info here, if that concerns someone using the All files access (MANAGE_EXTERNAL_STORAGE) permission https://support.google.com/googleplay/android-developer/answer/9956427

Maybe the Android Kiosk Mode is something to be considered too. https://www.manageengine.com/mobile-device-management/how-to/kiosk-for-android.html https://snow.dog/blog/kiosk-mode-android https://www.sdgsystems.com/post/implementing-kiosk-mode-in-android-part-1

Good luck. So this means the changes work at least fine for a short period now ? So I thought your original issue should some kind of reproduceable, or was it more or less unpredictable ? Nevertheless, I think that permanently re-ensuring that you really want to stay wake should solve it, since that starts a new wake session hopefully.

I think its no problem to re-start a WakeUp several times, e.g. by timer every 10 sec., to keep it alive. The user won't notice this.

Probably the deprecated FULL_WAKEUP or the ACQUIRE_CAUSES_WAKEUP could cause problems. https://developer.android.com/reference/android/os/PowerManager#FULL_WAKE_LOCK Do you really need to wake up the screen fully ? This seems to be a function that may stress internal behaviours much, I usually start the screen manually and keep the screen awake then, that works OK.

I reworked TListView a lot, but maybe that helps for your case: https://stackoverflow.com/questions/37570047/change-alternating-colors-in-firemonkey-tlistview https://github.com/rzaripov1990/ModernListView

Maybe thats not a complete solution either.

You could consider CustomFormat with Livebindings, but I cannot really propose Livebindings. Thats workable, but has many other issues on the road too. If you want to use it, I would propose to use LB from runtime, see Steve Balls nice archive here.

Yes, I understand all your points, and totally agree with you. Only there I think that this class should show me some "blob" space on the screen, with presentation of the underlaying informations, that not really matters what kind of data that is. I don't want to choose from 20 versions of this edit, to just make it look as it should. Ok, there were limits. For example with chemical formulas or math formulas, I would consider a specific derived type probably

Yes, but maybe this has something to do with peoples expectation. Probably you are right, and the cast can solve this case. However, I maybe have a too high expectation about what a "normal" TEdit should be able to do, so I like to enhance this functionality to an acceptable level. For example, take the simple TDateEdit, which should nicely jump from yy to mm to dd. With that expectation of TEdit I would not need a bunch of "TNumberBox, TCurrencyEdit, TDateEdit, TTimeEdit, TIpEdit, TIBAN_Edit, etc.", it will be all in one TEdit. The formatting of display text is very basic task for me, and it should be solved once and for all. Anyway, I like philosophical discussions, but I understand also the reasons why others might don't like that idea. But I'm crazy enough to go my own ways, if I needed to

I like when interposer make default controls really usable, instead of new control, needed to be maintained, etc. But that is a philosophical question maybe.

You could use and interposer for TEdit (or TNumberBox), which could handle the format display. In this example as external event, but I would do this already inside the interposer as default version, controlled by format strings, as there is a quite general need for a custom format control. http://delphiaccess.com/foros/index.php/topic/13610-currency-edit/

@Stefan Glienke Well Stefan, it seems we had similar thoughts, as I presented my "poor man's" solution some days ago. Congratulations, of course you had that full fledged IDE tool ready, probably doing a bit more and different than that. I have to look deeper into it, but however the charm of my approach is that I don't need to install any helper at all.

I think Marcos proposal to change the projects default settings would be a possible solution (workaround)