开发者

How to best add a comment/rating system to an android app

I开发者_运维技巧 already published an android app where you can see a list of specific objects and detailed informations about them. The list changes every day but some of the objects can appear again. The application is communicating with a PHP server over HTTP and periodically pulls the list of objects.

I now plan to extend the app to make it possible to rate the objects and add a comment similar to how it is done in the android market. I'd like to avoid forcing the user to sign up for an account for being able to comment.

I see two problems:

  • The comment-system could be abused by spammers
  • A comment could be added from another system

So my questions are:

  • How to protect the system from spam?
  • How to authenticate the application with the server?
  • How do I limit the number of comments to one per user and object?
  • What about the androids device id? Is it unique enough to use it as identifier for the user?
  • Which other problems do you see?


2020 Commenting/Rating/Reviews Options

Since Socialize is out, here are a few options you can explore:

  1. Build your own comment/rating implementation. Personally I love reddit and how it handles nested comments and ratings. Here's a library I found that implements it beautifully. Please note you'll need to tie this with a cloud-database. This is based on groupie. Article & implementation. Many ways to do this - https://stackoverflow.com/a/59472206/668240
  2. Disqus - SDK's coming soon to iOS and Android.
  3. BazaarVoice - commercial
  4. Social Networks SDKs like Facebook, Twitter, etc. Personally I dislike this as we'll need to authenticate users with respective networks to use the APIs. It's like we are shipping off users of our apps to social networks. If you don't have a problem with that - then it might be for you

Legacy Option in 2014:

You can try out Socialize SDK which is open-source and a really good SDK for the rating and commenting you are looking for. It already has a well-functioning Commenting system built-in along with a 'like/love' facility and sharing to FB and Twitter. Each 'entity' (object in your case) can have metadata associated with it. So all you have to do is construct/use a rating widget, then send that rating with the entity attached to your object. To display your rating/comment is as simple as retrieving them from Socialize.

Each object (element from your app) should be associated with an entity which has a unique key in the form of a URL - sort of like a primary key to recognize your items. This entity can have meta-data - any data that you can insert on behalf of your object. Once you do that, you can retrieve that metadata any time you want.

I've been using Socialize for around a year now. They've matured over this period and are always aspiring to be the best at what they do.

Look at the Socialize Bar at the bottom. Its can be customized to your needs.

How to best add a comment/rating system to an android app

What's more - Socialize is free.

As for your questions:

  1. There is comment moderation built into the Socialize Web Component where you can filter out anything you feel is out of place.
  2. Socialize allows you to authenticate through Facebook and Twitter.
  3. Limiting to one comment per user can be achieved by using their User and Comments API.
  4. Socialize has both Anonymous authentication as well as Social A/c authentication. I believe you can remove anonymous auth. So that ensure that every user is authenticated before rating/commenting.


For authentication, you could use OpenID like StackOverflow does or Facebook authentication. Once you have them authentication, it shoud be easy to limit the number of comments to one per user per object. As far as spam, you could follow StackOverflow's model and allow users to vote comments up or down or flag as spam. Perhaps users with comments that have been voted up would have more power and be able to flag comments as spam.


You'll need some sort of rate limiting. I've used this one in this example before.

So you need a table with the user's ID and how many api calls they have left, and then when their last api call was. Then use the algorithm to update the values in the table every time a method is called.


Read through this, I think it should be possible to create an UUID for every case: http://android-developers.blogspot.de/2011/03/identifying-app-installations.html

And then keep a hidden api key which is hard coded, or at least get's everytime calculated the same or in enigma style influenced by the time it is used. But you will be never be sure, that it won't be find out by crackers/hackers and maybe abused, you will always have this Problem.

Authenticate with the UUID of the user + api-key.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜