Do I need to worry about spam on a mobile app?
I would like to know if spammers have the capabilities to download, crawl and spam mobile apps like they do for web apps. More specifically, is it necessary to authenticate users to the extent that web apps have to? (i.e. captchas or verification links sent to user's email)
Any insight you could provide or even links to other information on this topic would be much appreciated. Thanks!
Also, here is some information more specific to my scenario in case this helps:
I have an existing web app and am currently writing iPhone/Android apps as an extension of the web app. The web apps and mobile apps use the same database information.
In my web app, I require users to click a link in their email to activate their account after they fill out a "create account" form. However, I would like users to be able to create an account on the mobile app as well but definitely don't want them to have to exit the app to go check their email to click on a link. Ideally, they could just create an account on the mobile app and start using it right away.
My fear is that automated spam bots could create false accounts without any verification on the mobile apps and thus spam the site. Any logged in user is able to add content that is viewable to everyone. Thus, even though sites like Twitter allow a user to create an account on their mobile app and begin using it before verifying the email address, if spam bots have the capability of downloading my app, creating accounts, and posting stuff, then I need to find another way.
Spamming from the App shouldn't be possible, or at least not sensible. At least for iPhone, you would have to have a Jailbroken iOS device per Spambot you want to have running. That sounds too expensive.
As for Android, it would theoretically be possible, but not very likely at the moment. I would recommend going without activation in the beginning and just watching the site a little. You should be doing that anyway.
What we do for our Social Network Apps, is to allow the first (but only the first) Session and require activation for all successive Sessions.
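The first-session-only policy from the answer above, sketched as an added example (not code from the original post or from any app it mentions). The `SessionGate` class, its method names and the in-memory store are assumptions for illustration; password checks and e-mail delivery are left out, and the check is meant to run on the server, not in the app.

```python
import secrets
from dataclasses import dataclass, field


class ActivationRequired(Exception):
    """An unactivated account tried to open a second session."""


@dataclass
class Account:
    email: str
    activated: bool = False
    sessions_started: int = 0
    # Random token that would be e-mailed as the activation link.
    activation_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


class SessionGate:
    """Hypothetical server-side gate: one session before activation, then none."""

    def __init__(self):
        self.accounts = {}  # in-memory stand-in for the shared database

    def sign_up(self, email):
        if email in self.accounts:
            raise ValueError("account already exists")
        account = Account(email)
        self.accounts[email] = account
        return account.activation_token  # caller e-mails this to the user

    def activate(self, email, token):
        account = self.accounts[email]
        # Constant-time comparison so the token cannot be guessed byte by byte.
        if secrets.compare_digest(account.activation_token, token):
            account.activated = True
        return account.activated

    def start_session(self, email):
        account = self.accounts[email]
        # Count sessions on the server; a client-side counter could be reset.
        if not account.activated and account.sessions_started >= 1:
            raise ActivationRequired(email)
        account.sessions_started += 1
        return secrets.token_urlsafe(32)  # opaque session identifier
```

Because the counter lives with the account record, a client that imitates the app's protocol still gets only one unactivated session per account.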
Regardless of a bot's ability to download your application, if someone wanted to, they could download your app themselves then get to work on creating spam accounts. These accounts could then be used by the spammer bots on your web-app. You should keep the same security model that you have now.
A fairly popular way that developers allow for mobile sign-up is to send the user to your website to sign up. This way, you don't have to worry about duplicating your security into multiple mobile apps.
At least use more secure HTTPS for your app's account creation, or else someone could just sniff your protocol off the air and imitate it.
I found this company (http://www.pindropsecurity.com/) which provides security for mobile apps... Most apps (especially messaging & marketing apps) require you to add a phone number in order to create an account. If the spammer puts in a number that is associated with spam/fraud activity, they are able to block it altogether. A lot of apps and marketing companies are picking it up.
I think the only people who can answer this would be the spammers themselves. However, given how spammer/hackers seem to keep up with technology, I would say it's only a matter of time before they find a way to spam your app, if they can't already.