maybe a stupid question, but ... We use the "new" ios facebook connect sdk (https://github.com/facebook/facebook-ios-sdk), and a few questions come to your mind.
In the old sdk, you will need to pass the "secret key" (known only to you) in order to get a session so that you can use the facebook api, it made sense.
With the new sdk, all you need to transfer is the “Application ID” and then the user logs in, after which he can post any message and it will look as if my application (facebook application identified by the application ID) sent it.
This makes no sense to us if someone gets our application identifier (not mentioned anywhere in any secret), he / she (without any problems) has the ability to publish, as if he was the owner of our facebook application .
Can someone explain this and how to prevent this with this new SDK?
A few more issues that we don’t know about are:
- in the facebook settings application, there is a choice between “Native application” and “HTML5 / mobile network”; currently our installed HTML5 / Mobile network (which is default), what is the deal here? perhaps this correlates with the previous problem?
- There are two more settings: "iOS Bundle ID" and "iTunes App Store ID" again it is not clear what they are used for. Currently, none of these is our application, and we can present the walls of the user without problems using the "application identifier" only in our iPhone.
Any tips and tricks appreciated! Thanx, -tzurs
source share