[CLOSED] Google Integrity API with Appwrite

what you can do is generate a SHA-1 key of your app. You can then create a function that checks if the SHA-1 key sent from the app matches the one stored in the function. If it matches, allow the app to access whatever

TL;DR

The thread is discussing the use of the Google Integrity API with Appwrite. The main concern is the potential slowdown and resource consumption caused by validating the integrity of every request. The thread also mentions the issue of bots and abuse in forms, as well as the difficulty of preventing scraping of data. One suggested solution is to use the Play Integrity API, which uses SHA-1 keys for validation. The process involves the app making a request to the Play Integrity API and receiving a token, which is then sent to a back-end server to be used in the Play Integrity API. The API returns a response about the client. Overall, the thread

You can run this function whenever someone opens the app

It's not that tough and is a simple solution.

for this we have to store sha-1 key in apk

No that's the beauty

and its very easy to get this by decompiling this apk

SHA-1 keys can be generated per-app

so if you generate an SHA-1 key for your app, that's what will be used

and you can even encrypt it before sending to the function

look I might be very wrong cuz I'm on some stronmg medication, but give it a try

If it doesn't work, just go with the Play Integrity API. I don't see what the issue is if you really want to use the Integrity API

The play store integrity API uses the sha-1. As recommended, you can use the play integrity API in your function to validate the app and then return the data.

I've never used it before, but I believe the flow is:

App makes a request to the play integrity API and gets some response with a token
App sends the token to some back end server
Back end server uses the token and sends it to the play integrity API
Play integrity API returns with some response about the client

Found this:

IMO this just isn't worth the time. If any logged in users has access to 10k questions, there is no reasonably easy way to prevent them from running a javascript script to scrape the data.

Absolutely. If someone can login for free and access this data from your REAL app, doesn't make sense to validate integrity of the origin.

Some websites like udemy go to significant lengths to restrict scraping and that works well for videos but not for text. This is my limited experience but I have two courses from udemy with tests and I can download them all from brave using Ctrl+P(but not from chrome, firefox or edge)

^ As soon as data arrives on your user's device, there is nothing you can do except the threat of legal action

This could be very useful to prevent bots in logins

And abuse in forms

(from bots too)

(more common than you could think: https://discord.com/channels/564160730845151244/785173052496543824/1113124444538425424)

Also for critical operations, or making regular checks, but making integrity validation of every request will make everything slower and consume both phone and server resources and energy

[CLOSED] Google Integrity API with Appwrite

We're tracking feedback for this feature here: https://github.com/appwrite/appwrite/issues/4791

Reply

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get premium support

[CLOSED] Google Integrity API with Appwrite

Recommended threads

Need support?

Join our Discord

Get premium support