How do free SMS apps like Pinger work? - mobile

I want to build an app whose core functionality is essentially the same as Pinger and other free SMS apps - that is, it needs to allow for texting without going through your phone's service provider by sending the data over the web. But I can't find any APIs or explanations as to how this is accomplished.
Pinger assigns you a phone number to use, which I assume means it must also run its own SMS gateways. But I don't know how to do either of these things (assign valid phone number and create SMS gateways), or whether I can even do them on my own and purely programatically. Does anybody know where I can find this information?
TL;DR: Essentially, I need to know how to create my own Pinger/free SMS app. My app will be different, but will employ the same underlying functionality.

SMS messages are not free to send and this is why Pinger's business model is based on advertising when you send and receive their messages, see http://www.pinger.com/content/advertise.html
In order to do this yourself you would need to work with one of the companies that offers a SMS gateway. You could use a whole bunch of different providers, take a look at this post I previously made with some of them How to send SMS programatically in a professional and reliable way?
I also add, you would need to work out a suitable business model to pay for the SMS messages you plan to send :-).

Related

how to send email on Code Name One using Gmail Api

I want to know if There Is a solution to send an email on a Code Name One app using Gmail Api,
i have an exception When i m using javaxmail,
error: cannot find symbol
import java.util.Properties;
symbol: class Properties
thanks in Advance.
You can use Display.sendMessage to send an email in Codename One. However, this is an "interactive" API that will launch the users email client and he'll need to press send to perform the actual emailing.
Alternatively you can use the sendgrid cn1lib to send an email via sendgrid. I would recommend against that though. If you send an email from the device that means your credentials (password etc.) would be on the device. A better way would be to contact your backend server and ask it to send the email for you. That way a hacker can't decompile your app and find out your credentials.
I agree with Shai's response, I'd just like to add a few more thoughts.
Sending emails from a mobile application (regardless of whether it is developed with Codename One) has two major problems:
the first problem, as mentioned by Shai, concerns the credentials: putting your Gmail account inside the client app code is a very bad idea;
the second problem is specifically about Gmail, since you're not referring to a generic mail service, but to Gmail itself: Stack Overflow is not the place to make recommendations on which services to use, however I can tell you why Gmail is probably not what you want to use. The main problem is that Gmail, when used for "third-party apps" (which Gmail considers insecure), doesn't allow you to change IP addresses frequently: if it notices an IP change, it blocks the service and forces you to manually unblock it in the security settings. Obviously the problem is minor if Gmail is contacted by your server that has a static IP address, but it becomes a big problem if Gmail is contacted directly from your users' phones, each of which will have a different IP.
That said, if your app made with Codename One needs to send emails (e.g. to activate new users), I recommend:
your app can use Codename One's Rest class to make a REST call to your RESTful server backend;
in your server, you could use an alternative service to Gmail that doesn't give problems if you change the server IP address every now and then or if you use the server both locally and remotely. For what is my experience, I can tell you that on my Spring Boot server I use org.springframework.mail.javamail.JavaMailSender, which is compatible with various mail services (just for information, I use a free ZohoMail account, however there may be many other alternative and equally valid mail services that I do not know).
As for using Codename One's Rest class, I'll point you to the developer guide (https://www.codenameone.com/developer-guide.html#_rest_api) and to this blog posts: https://www.codenameone.com/blog/terse-rest-api.html and https://www.codenameone.com/blog/new-rest-calls.html
When making Rest calls with Codename One, always keep in mind that there may be no Internet connection or other connectivity issues (or server-side errors), so careful handling of possible errors is critical.

How to send user data to developer? Xcode/Swift

I'm creating my first application that requires me to update the app based on user input. I've been searching for the best way to send input to me. For example, I have a button that when the user presses I would like to send me the information they've added to a text field. Being new to this, I thought this could be done by simply sending the information to a specified email, but from what I've researched I will need some sort of database. Looking through the Apple Developer Documentation I don't even know which topic I should be looking at to figure this out, any help or direction would be very helpful!
You need to setup a server (using an API) to receive the information.
Usually you will use a webservice to receive the info from the app, although there are other ways to do that.
Sending an email through iOs would require the user to accept the email that is being sent, so doesn't look like a good idea.
Take a look at some options available to create webservices (django rest framework or flask), Google's Firebase also can be handy in this situation, since is only integrating it with your app and storing the data you want to store, with easy integration for Authentication and user tracking.

Secure / Authenticated interaction from a WP7 app

I am working on a WP7 application. This WP7 application will interact with some web services that I have created. I do not want other applications interacting with these web services. The reason why is because I do not want them stealing my data. With that in mind, here is what I'm currently doing:
Connecting to web services via HTTPS
Making my users initially login to the application
Passing the users username / password with each web service interaction
At this time, I don't see what is stopping a malicious developer from creating a username / password combo and using that account in their application to interact with my web services. How do I really lock this thing down?
Thanks!
As a start towards a more secure system you should stop storing the password and sending it over the wire with each request (even if you're using SSL).
If you must pass it with each request, store a salted hash of the password and use that instead.
I'm using a multi layered approach to this problem. I recommend thinking creatively and using a variety of methods to validate that requests are coming from devices you expect requests to come from.
Alternatively, if there is any merit in your scenario, open up your api to 3rd party developers and make this work toward your objectives.
If you do decide to store a key in your app, don't store RAW text but instead declare a byte array of the UTF8 values, this won't be as easy to read.
You can then handshake with your service using a salted hash of the key the first time the app is run, the service hands out another key for the device to actually use day-to-day.
The phone should have an almost accurate time, so you can recalculate the key each day or hour. You can also revoke the key at the server end for just that device.
This API will be useful in ensuring you can blacklist a device permanently.
DeviceExtendedProperties.GetValue(“DeviceUniqueId”).ToByte();
I've not looked into symmetric encryption by you might even be able to use the above unique ID as a private key.
I think the key to success is that first hand-shake, and ensuring that is not snooped. If it's a really important system, then don't use any of these ideas since rolling your own encryption is always flimsy to anyone with serious intent - use well-known methods and read up.
Luke
You could introduce an "Authorized Application ID" feature where the application sends its name or identifier within each HTTP request body. Then on the server side you can verify the application's identity (e.g. store the authorized app ID's in a table). The application ID would be encrypted within the HTTP(S) body.
This would also give you the option of pushing out new application ID's in updated versions of the WP7 application if you wanted to get rid of an older application ID. You'd also be able support new applications on difference devices or platforms in the future.
You may want to look at this
http://channel9.msdn.com/Blogs/Jafa/Windows-Phone-7-Trade-Me-Developer-Starter-Kit

Sending Programmatic Email Messages

I'm looking to send email messages programmatically from my websites. For example, if people register their email address, I would like to email them to confirm their email address. To do this I will need to use an email sending tool and plug into an smtp service. In the past (7 or so years ago) I used Jmail, however, I am not sure what are the best services to use today and how spam filters have envolved!
I have three specific questions:
Does it matter which service I use to send emails programmatically (e.g., PhpMail, Jmail, etc.)? If so, which tools would you recommend?
How should I host this tool? I plan on sending a large volume of emails (thousands to hundreds of thousands). Would it make sense to use google-app-engine mail service to do this, or should I just host it on my own server (e.g., have my own SMTP server)?
I don't want my emails to be sent to spam folders, how can I ensure that the emails are received by the users?
Thanks!
No, you don't need your own. Based on the tags of your message, I'm going to assume you are using java and deploying your app on Google App Engine?
http://code.google.com/appengine/docs/java/mail/

Text message (SMS) verification for signups

I have seen a disturbing trend where websites are starting to require verification sent to cellphones by text message (SMS). Gmail and Facebook are two of them. What I want to know are the following:
Is it a good idea to start requiring cellphones instead of emails now?
How do I do it on my own website?
Edit
Here are some of my new questions on the topic in response to the answers:
I see that most of you are saying that SMS registrations is ok. But what about the people who don't have cell phones? And why is it accepted to give out your cell phone information freely?
Do those big providers really pay per message to a gateway service? Is it not possible to set up a server with the correct SMS software, or at least buy a subscription directly instead of having a middleman?
Most SMS Gateway services have some kind of API. An HTTP interface seems to be the norm.
Just make sure you sign up for a service that allows receiving of messages because not all do. It's more work for them since they have to send some kind of data back to you.
Some services offer send receipts too which lets you see if the receiver got the SMS.
Some examples follows.
Esendex API docs
TxtLocal
In regard to question number one, I think Commander Keen's advice is sound.
It is a good idea if you want to limit the number of fake accounts. I see it used lots in local newspapers here in Norway. I guess it makes people think twice before posting useless crap on their discussion forums.
But do you really hate your users that much? Gmail and Facebook are big enough now that people will accept jumping a few hurdles to use the service, but you need something really interesting to make the user accept this inconvenience.
SMS is the reason I can't use App Engine ().
The first problem is that some people do not have cell phone. I can use Facebook almost completely without validating cell, but uses CAPTCHA to get through certain actions. Therefore, CAPTCHA is one of the good alternatives.
I personally think, cell phone stuff belongs to cell phones and should not be in the Web.
What if every forum admins and newbie PHP developers in the world used SMS validation and someone hacked (cracked) into their database? Do you trust a small forum? Is anti-fraud measure required so desperately?
If your site is very large and popular, it may be good to get SMS validation.
As a member of CS Networks Support team. I am going to give you some answers.
People use their cell phones as a medium of verification, so the service providers can be sure that registered member is not a bot or something else.
Yes it is true. Big providers pay for SMS gateway services. Yes it is possible to have an infrastructure like that, but it is recommended that you have a team of people that are in this business for a long period of time.
The one main reason for using SMS as a way of authentication is that you link the account to a mobile phone, which effectively reduces the chance of fake user accounts by a very large margin.
To implement this feature, you will need to sign an agreement with a SMS Gateway that has coverage for the countries (and operators) that your customers are located in..
Most SMS Gateways can easily be integrated in your software, and will most often provide you with access to all the mobile operators that you require.
I would not recommend using an email to sms gateway if you can use an API, as these are most often less responsive than using a proper API to send messages, where you will get a live connection with the SMS gateway itself, not an email server in front of the gateway.
Examples of SMS Gateway providers:
PSWinCom - www.pswin.com (Note: I am employed in this company.)
Clickatell - www.clickatell.com
HSL - http://www.hslsms.com/
Answer to 1st question: One reason which I can think of that led Gmail and Facebook to follow this trend is the emergence of bogus accounts. Now-a-days, there are use-n-throw email availabe for free like www.10minutemail.com which gives u an email address for 10 minutes. So the use can take such an email address and start a new account in the site.
But in the case of 'sms'-registration, I dont know of any such use-n-throw service provider. So everyone needs to give his own number for registration. This leads to registration by legitimate users.
Answer to 2nd question: This depends on which language u are using. Moreover, you may need a SMS gateway to achieve this.
Since you dont care about the language, try to look for SMS gateway for sending sms through computer or your web server. Some of the cellphone network providers provide an email service to send sms to a phone. For example, you are sending an sms to +910123456789 of 'xyz' network provider, you just need send the sms in the body of an email with the to-address as +910123456789#xyzmail.com
'xyzmail' part of the mail address will change according to the network provider. Plus this option is not found to be reliabe.
check out TeleSign.com
they offer phone verification solutions that you can implement into your website
phone verification is a way to reduce fraud and spam significantly
There's a trust issue here that goes both ways. If you're the provider of a service that can be spammed, you can trust that your users are people and that their email addresses are legitimate. This is probably irrational. Or you can force your users to trust that you'll deal with their cell number information safely. Many users will feel this is irrational.
And then there are people without cell phones (I happen to be one). Most discussions on the web aren't very important, but if you're trying to foster a discussion on anything important, limiting the discussion to people that have cell phones and know how to receive text messages will limit your discussion to the viewpoints of the rich and technologically savvy. If you're providing an important service like email, a texting requirement sets up a barrier to entry and saps the democratizing power of the web. It amounts to shunting the cost of your spam problem onto the disadvantaged. To me, that's unacceptable. Again, though, if your site is just inane pop culture or a marketing exercise, as most are, who cares, go right ahead.

Resources