MicrostockGroup
Microstock Photography Forum - General => Microstock Services => Topic started by: baweg on December 13, 2013, 09:00
-
Hey,
I'm working on a new android app for tracking microstock agency sales.
By now it supports Fotolia, Shutterstock, iStock, Dreamstime and 123rf (more will follow).
I released it as free beta version and hope to find some users to test it.
MicrostockStats beta on Google Play:
https://play.google.com/store/apps/details?id=de.bawegapps.microstockstatsbeta (https://play.google.com/store/apps/details?id=de.bawegapps.microstockstatsbeta)
In the event of problems just contact me.
-
I just installed the app, and i was using a sniffer to see the traffic made by the app, you app sends all the username and passwords to you website:
http://deschnuess.de/microstockstats_beta/fotoliaLogin.php (http://deschnuess.de/microstockstats_beta/fotoliaLogin.php) (user/pass) http://deschnuess.de/microstockstats_beta/istockphotoLogin.php (http://deschnuess.de/microstockstats_beta/istockphotoLogin.php) (user/pass) http://deschnuess.de/microstockstats_beta/shutterstockLogin.php (http://deschnuess.de/microstockstats_beta/shutterstockLogin.php) (user/pass)
i was forced to change all my passwords to all my accounts. Please write in the app description what the app does and do not fool the users about the privacy. All the credentials are sent to your server and this is unencrypted and you can do whatever you want with them. So again please update the privacy text on your Google Play and say that the credentials are send to you server.
Thank you
-
Because the app is implemented with JavaScript and the PhoneGap framework I need PHP proxy scripts (same origin policy).
Of course the data is sent encrypted. I don't understand why you think they are unencrypted.
Even the sessionIDs are encrypted.
The server scripts are just forwarding the data to the agencies and will bring back the statistics.
I'm not storing any user data on my servers.
Of course the users have to trust my app, because it could be used to theft user data, but this is possible with every app that requiers user data.
I'm showing my full name and email address in the app description and on the info page inside the app.
It's not my intention to steal any data.
-
The app now got out of beta state.
The app description now clearly contains the fact that a PHP proxy server is used because of technical reasons.
The full version is available at:
https://play.google.com/store/apps/details?id=de.bawegapps.microstockstats (https://play.google.com/store/apps/details?id=de.bawegapps.microstockstats)
You can also try this app by installing the free DEMO version:
https://play.google.com/store/apps/details?id=de.bawegapps.microstockstatsdemo (https://play.google.com/store/apps/details?id=de.bawegapps.microstockstatsdemo)
-
Because the app is implemented with JavaScript and the PhoneGap framework I need PHP proxy scripts (same origin policy).
Of course the data is sent encrypted. I don't understand why you think they are unencrypted.
Even the sessionIDs are encrypted.
The server scripts are just forwarding the data to the agencies and will bring back the statistics.
I'm not storing any user data on my servers.
Of course the users have to trust my app, because it could be used to theft user data, but this is possible with every app that requiers user data.
I'm showing my full name and email address in the app description and on the info page inside the app.
It's not my intention to steal any data.
Data is sent unencrypted to your website according to sniffer program, this is because if you send the data encrypted, you need to decrypt it to send it to Fotolia or Dreamstime to try to login into their websites, and of course you got the USERNAME and the PASSWORD and you can do whatever you want with the user credentials, so that's why i changed all my accounts after testing the app, i don't thrust any app that submits the data to an unknown website and not using HTTPS
Why don't you say in the About Tab of your app what the app is actually doing, you are avoiding the truth by omission which is a BIG LIE, the user / pass are available into you website