Loving the app -- thanks for allowing me to test it. I have had no problems since downloading yesterday.
You all are lucky to beta test. Can't wait to get to purchase and use it from what I am hearing you all say about it.
That's very unfortunate. I'm conscious of managing my privacy, and won't use any services that ask for data that they simply don't need to have.
2. There's a bit of discussion about the social login. These days, most users will have one of the 4 options provided. One of the main reasons we didn't elect to do a user name and password is simply because it's actually less secure to do that. It would mean we would have to store your username and a one way hash of your password on our servers.
Considering how many people use the same password for multiple services, there's an added liability on us if we store your passwords that I'd rather avoid. I won't get into details about how OAuth2 works exactly, but basically now if your social 'token' gets exposed from our servers (which are hosted securely in Azure by the way), the worst someone could do with it is see your name and email address. We don't collect any personal information other than storing your email address locally on your device so that we can display it in the top left corner of the slide-out menu in the app. That's it.
And you can create a brand new Gmail address with all fake data only used for PoolMath if you really want to keep it separate.
As you can see, it's actually LESS SECURE to have TFP handling a username/password hash. By using the Social login method, the only thing that could possibly get "hacked" is the password hash token that the social media company would provide. That would enable a hacker to figure out....your name and e-mail address....so even if they obtained the token info, it could not be used anywhere else.
It's certainly up to you, but the app will be using social media logins for the time being until such a time in a future update as when it might get linked to your TFP credentials.
Thanks for the references to the previous posts. They were informative.
Security isn't my concern.
I'm unclear as to why it's asking for access to read my Tweets and see who follows me, when logging in with Twitter. Twitter was the only one of the four that told me what it planned to do with the access before it was granted.
I understand and appreciate the desire to sync data between devices. Supporting both iOS and Android is likely what's led to using a less conventional sync service, correct? I know more about iOS than Android, and many iOS apps use iCloud services to sync data between devices. I believe Apple has an API built to simplify this.
Other cross-platform apps I use have used services like Dropbox as their sync system, which I'm much more comfortable with from a privacy perspective. Yes, I know it's had some security concerns.
I'm not here to argue or change anyone's opinion. I'm simply expressing why I won't be using the app. It's an unfortunate design decision, in my opinion.
Thanks. I'm not attempting to raise any levels of paranoia, I'm simply stating what is important to me. I'm not concerned about these companies accessing pool data--I'm concerned about them knowing more about me. And yes, they get another data point each time I use them as an authentication service. That's one of the reasons they offer an authentication service, after all.
Why don't you go back and read through some of the threads on this issue, especially Posts #190 and #220. This from Post #190 -
As you can see, it's actually LESS SECURE to have TFP handling a username/password hash. By using the Social login method, the only thing that could possibly get "hacked" is the password hash token that the social media company would provide. That would enable a hacker to figure out....your name and e-mail address....so even if they obtained the token info, it could not be used anywhere else.
If TFP stored a username and password for you, and you ever used that password somewhere else, and the app or site got hacked such that they could decrypt usernames and passwords, then that is a MUCH bigger exposure.
It's certainly up to you, but the app will be using social media logins for the time being until such a time in a future update as when it might get linked to your TFP credentials.
So far so good. I don't like that I have to authenticate to an external service to use it. There is no reason for it.
Why is a login needed? You are already authenticated to your phone. Why is another login to use the app needed at all? Be it TFP or another authenticator.