accountKit | Implementation of Facebook 's Account kit on Laravel | REST library

This is the problem of your previous cache store in the derived data folder.

Go to the DerivedData folder. Close XCode. Delete your apps from DerivedData folder. Reopen XCode, clean project and run again.

XCode preference > Locations > Derived Data (click right side icon in the directory path, it will open DerivedData folder)

Select your pod from the left project navigator. > Select Target. > Select "Build Settings". > Build Active Architecture Only to No

Yes, As per official statement : from September 9, 2019: Account Kit will stop integrating with new apps. Existing integrations will continue to function normally.

Source 1,2

Does anyone know why they deprecated it? Any technical insights/learnings?

"The product has yielded high maintenance costs, but relatively low adoption". Read full details here.

What are the alternatives now? or are they planing any successor of it?

They not announce any successor for it as far as i know, but there are many other alternatives available as open source which obviously have certain limitations. What I am using currently will mention here.

• True Caller SDK : It require true caller app to be installed in user device.
• Firebase Phone Authentication
• Third Party SMS API : Obviously, it would be a paid api, Many service providers are available in market. I am not promoting any one here but one is suggested by google itself here called twilio. Just a extra point : In this 3rd case, for understanding the flow "SMS Retriever API" may worth reading for some one.

It was happening only in debug build. After publishing the app the memory leak problem got solved. Still unclear why it would occur in debug build.

I am facing similar error day before yesterday. Just solved it here

Moreover, as mentioned in the latest gradle release notes , you should avoid using dynamic dependencies with version number as:

The autofill feature has been removed in their latest sdk. Reference:

https://developers.facebook.com/support/bugs/704794763310779/ https://developers.facebook.com/support/bugs/615262038994308/

Add the header in your web server response:

PHP sessions are based on Cookies. When a user opens a webpage, PHP set a cookie in response. Browser automatically ensures that in subsequent request, that cookie is also sent in requests, hence $_SESSION variables works. In my opinion, they don't provide much of the security. Instead of User Id, now a malicious user has to get his hands on the Cookies. Always use HTTPS for securing the Requests.

With Android app, you'll be making a custom request, so you'll have to explicitely set the cookie, once received from the very first call (You'll have to persist it on the client-side; Not a good approach).

The usual way of working of session is as following -

1. When $_SESSION is used to set a value for the very first time, PHP sets a Session cookie, which essentially is a random String.
2. Behind the scene (in Backend), PHP is maintaining an Object (key-value pair) against this string value. (SessionKey1 = { key: value, key2: value2 }; this could be on Disk File system or on a Cache layer (e.g Redis), depending on your server configuration)
3. When you set/updated/delete a key in session, SessionKey1 is modified.

Now you can create a similar behaviour for yourself. When userId is found on Android App side, send it to backend, create a row in session table (Session Id as a Random String and UserId as UserId). With each request send this SessionId alongwith the request (in the body or headers), on the backend check if sessionId received exit in Sessions table. If yes, get user Id and process.

Here is an alternative approach (probably a-bit more secure)

When Access Token is found after Account Kit verification

• send it backend
• validate the Token from Facebook APIs (Link)
• Validation API also return user info, map it to your User's Data (from your DB Structure).

(This will ensure that Token is always Valid, user won't be able to put a random token in order to attack as that will fail the verification from Facebook APIs).

Generate a UUID, create a row with

• UUID as sessionId,
• Your userId
• Access Data
• Created At (when row is created)
• Expiry (Current Time + X days)

send this UUID in response.

Now on Android side, save this UUID somewhere. Create a request Intercepter, for all the request set this UUID in a custom header (e.g X--Auth). On backend side for each request, access this Header, check if it's expired, get the User Id from your session table, and proceed.

I think he could very well get information about sessions with a WHERE clause ID_user = ID_user.

Quite right?

You are absolutely right. But, securing the DB layer should be a separate task from the Application development. How do you think a Hacker would be able to execute queries in the first place? If one finds a way to run raw queries on DB, he can do a lot more damage than just extracting the data.

If I'm right, then what's safer than what I do?

There is not right answer, you just have to do your best to secure the application. Ensure that your application is following best security practices. For example - Use HTTPS, preventing SQL Injection.s (Search for OWASP Vulnerabilities)

Perhaps display the AlertDialog in onCreate() of your main page. Create a SharedPreference value that tracks whether the AlertDialog has been shown previously, and only display it if it hasn't.

What you need to do is just use CountDownTimer to let system load and be ready to let your code be execute right way.

Hope this helped you.