Detect Toast Notification from the particular application - windows-store-apps

I have two application both of them send toast notifications, I want to detect the Toast Notification from the particular application.On search I findpublic ToastNotificationHistoryChangedTrigger(string applicationId),what would be the application ID during development?

What would be the application ID during development?
Here is the MSDN documentation for the parameter:
The identifier of the app for which you want to create an instance of
the ToastNotificationHistoryChangedTrigger class.
More searching on MSDN, here is more info about application identity, which will appear in the package manifest:
<Application Id = An ASCII string between 1 and 64 characters in length.
The unique identifier of the application within the package. This
value is sometimes referred to as the package-relative app identifier
(PRAID). The ID is unique within the package but not globally. There
may be another package on the system that uses the same ID. The same
ID cannot be used more than once in the same package.
So it means both applications need to exist in the same package. I don't know how is that possible right now and I doubt that it is your case. Most likely, you have multiple packages, one for each app. In this case, you can use AppServices to communicate between the two apps.
Edit
Here explains about multiple app packages, it is supported for side loading and not the store.
You can create a multi-app package for side-loading, just not to
deploy through the store. When the user installs the package they'll
get all of the apps, and the apps will all share the same security
context, local data, etc.

Related

Can I code sign a Windows Store App with a trusted code signing certificate?

We have a Windows UWP app that is currently in the Microsoft store. The project includes a store association file which contains publisher attributes one of which is the Common Name. Our store account shows the CN as a string value resembling a GUID. It shows the Display Name as our company name. In Visual Studio we can build the app for sideloading and code sign with a self-signed certificate in which the certificate’s CN is the same as the Store CN (GUID like string). This allows us to sideload new versions of the app over the store version for testing and getting new features to specific customers quickly. Then the sideloaded version can eventually be updated with newer published store versions.
My question is this: We would like to sign the app with a Code Signing Certificate we purchase from a trusted certificate authority. The problem is trusted code signing certificates must have the Common Name as the company name. We seem to only be able to sign the app with a certificate that has the Common Name equal to the CN in the store association file (GUID like string). Is this a known limitation to store associated apps or are we missing something?
TLDR; Any app published in the MS Store will be signed only with Microsoft's certificates. You cannot use your own certificate to publish an app in the store.
If you use your own certificate to sign the package you need to provide an external link for users to get your app. You can use the AppInstaller protocol for that.
The GUID that you see in the CN (for the certificate generated automatically by VS) is actually a "private key"-like mechanism that MSFT uses to ensure that the app published in the store is actually submitted by its real owner (i.e. I assume to avoid some kind of man in the middle attack where an attacker could somehow upload a corrupted version of your app).
Once your app gets in the store and passes all the validations MSFT will sign it with their own certificate. I suppose this is how the AppInstaller service (or the Store app from Windows 10) will know it is ok to trust any app signed with their certificate.

Android Management API: List of Enterprises/Policies?

This is driving me nuts. I've successfully followed the Android Management API Quickstart to create a project/enterprise/policy and install it on a device.
I stupidly didn't write down the enterprise or policy IDs. I tried to create a new set, but the non-enterprise email now gives an error that it's already part of another EMM.
Is there a place in the console where I can see a list of the enterprises and/or policies that I've created? Where are these stored?
Edit: I found the enterprises.get method in the API but if I put enterprises/* in the name field (per the validation) I get a 400 error indicating Invalid enterprise id. Provide a valid id. so I'm unsure how to move forward.
You can find the enterprise you created by logging into play.google.com/work with the account that was used to create it.
Click on Admin Settings to see the Organization name and Organization ID
And to find the policies of all the devices you have enrolled to this enterprise, you can simply call the API - enterprises.devices.list entering the parent in the form enterprises/{enterpriseId} [ enterpriseId here is the OrganizationID that you get from the above steps ]
This would list all the devices attached to the enterprise and in the response you can find policyName of each device.

What is the difference between advertising identifier and app instance id?

I use Firebase Analytics on a mobile app, and try to track user property by advertising identifier. But now I also use appInstanceId for app user identification.
I read the official document about tracking advertising identifier on Firebase and understand about what kind of data we can track.
But I don't understand about the difference of definition between appInstanceId.
Are these two id generated in a different way? (I think advertising identifier is device-specific, while appInstanceId is app-specific. Is it true?)
Can I track the advertising identifier itself on Firebase and check the value of it? (appInstanceId is automatically tracked, and we can export the value to BigQuery)
Yes, advertising identifier is device specific. If you have 2 apps on the same device, they will report the same advertising identifier unless the user set limit ad tracking to true on their iOS device. App instance ID is unique among apps on the same device, and it doesn't depend on the advertising identifier. On iOS, you can get it yourself using AdSupport framework. Firebase console doesn't show you the raw data of IDFA so you might want to track it using custom user property and query it using Big Query.

Securely storage

My app contain a security key which I need to send every time I call web service.
The code is not provided by the user, it's in the code and it won't be changed.
For now I store the key as a string in code.
I need to store it somewhere, the ideal solution would be .config file where I could store it in appSettings and I could also encode the file. I know that there is not such a file available in WP, but what is the WP alternative.
Do you know any way I can securely store the security key?
Thanks in advance.
Instead of securely storing the key with your xap, use your server to distribute key to the app.
When your app opens for the first time, get the key from server, encrypt it and store it in IsolatedStorageSettings. For subsequent app sessions, decrypt and use the same.
The current scenario is, all XAPs on store are encrypted and there is no way to get access to your dll without interop unlock. However, if you are not doing a Silverlight application and instead do a WinRT application, the APPX package is not encrypted and anyone can download it from the store.
If you are going with a Silverlight app, it is secure enough to put the key in IsolatedStorageSettings after encrypting. If it is a WinRT app, you can get the key from your server.

How does one use oauth in a FLOSS app where we can't keep a secret key?

How does one use oauth in a FLOSS app where we can't keep a secret key? If other see the secret and the key, can't he use it to use the user account as if he where me?
I have dealt with the issue in my own open source Twitter apps.
You do NOT distribute the ConsumerKey or ConsumerKeySecret with your source code. A reasonable approach is to create two constants/global variables (or whatever) that hold these values, and these are EMPTY in the source that you publish. Include some documentation that explains to other developers how to acquire their own keys and how to modify the source to install them.
If you are distributing compiled binaries, you would compile with the ConsumerKey and ConsumerKeySecret values populated so the application runs.
There is no -perfectly secure- way to handle this; it's the nature of OAuth. You can, however, be -reasonably- secure, and that's what this approach achieves.