Track AppCenter events from serverside instead of from the app to avoid storing key on phone?

effahidvissahideffahidvissahid USMember ✭✭
edited October 2018 in Xamarin.Forms

Hi

I'm using AppCenter.ms to track custom events and I'd rather push all the events **from the server ( .net core) **instead of doing it from the app side.

This is to avoid storing the appcenter secret key on the phone and risking someone getting hold of it as it is a publicly available app.

The idea is to use

(In Startup.cs - Asp.net Core)

AppCenter.Start("SECRETHERE", typeof(Analytics), typeof(Crashes));

When the app makes a call to one of the controllers

Analytics.TrackEvent("EVENTNAME","DATA) from the server side.

This doesn't work ( nothing appears in the analytics window, but it doesn't crash either)

I've been unable to find any documentation about it online. What I am also finding strange is that the app center documentation example makes no attempt to atleast store it secretly ( althought to be fair it is just a simple example ).

Thanks

Answers

  • LandLuLandLu Member, Xamarin Team Xamurai

    I've never heard that AppCenter can be used from the server. https://docs.microsoft.com/en-us/appcenter/ just tells app supporting.
    And if AppCenter let us use this library on client side, the secret key is not easy to be captured by others. And this ID is encrypted, even though some others could get this key. They can do nothing with that.

  • effahidvissahideffahidvissahid USMember ✭✭

    This is exactly what is puzzling me. It is pretty easy to decompile an app and get the secret out, which is what I'm trying to avoid.
    My fall-back plan will be to just use google analytics as they can be used on serverside .

  • effahidvissahideffahidvissahid USMember ✭✭

    @LandLu well if others get hold of this key they can very easily messup the key owner's analytics by spamming . Decompiling the app isn't difficult, and even if the key was encrypted, fiddler /wireshark can be used to easily intercept it.

Sign In or Register to comment.