-
Welcome to B4X forum!
B4X is a set of simple and powerful cross platform RAD tools:
- B4A (free) - Android development
- B4J (free) - Desktop and Server development
- B4i - iOS development
- B4R (free) - Arduino, ESP8266 and ESP32 development
Apple Wants Emails Hashed
- Thread starter aeric
- Start date
- Similar Threads Similar Threads
When the user provides their email address to your app, you just store the hash value of it for privacy reasons in a database.
Then when the user wants to reset/change their password, your app will ask for their email. If the hash of their email matches the hash in your database, then that means that is the correct email address for that account and it is then OK to send a password reset email to the just-provided email address (and without storing it in a database).
Then when the user wants to reset/change their password, your app will ask for their email. If the hash of their email matches the hash in your database, then that means that is the correct email address for that account and it is then OK to send a password reset email to the just-provided email address (and without storing it in a database).
When someone says ‘including but not limited to’ they are saying that a situation may include certain things but these are not the only things included. For example, you might say something like ‘the alphabet includes but is not limited to the letters A, B, and C.’
meaning
So it means my app can transfer plain text email (too) to my server? I hate legal terms.
meaning
So it means my app can transfer plain text email (too) to my server? I hate legal terms.
Meaning our database will never contain any email addresses including inside our Logs table.
My question is during user registration, I need to generate a random salt from my app and send the salt together? How can I compare this salted-hashed email with my server hashed emails which was hashed with different salt, to see the user already registered with the same email?
You can read here: https://developer.apple.com/app-store/app-privacy-details/
What do you mean by all email addresses? My concern is one user would send only one email address.
I used to only get the user id and password to register a user in my app. But without an email address, user cannot reset their password if they have forgotten. When I start collecting email addresses, there comes the privacy issue.
When I said "all emails", I meant one email from "all" your customers.
I think yes. All users email should be hashed. No reason for selective users.
However, I have stated in privacy policy that I am not sharing the data to third party for marketing or whatever purpose. So I think it should be fine not to hash the emails.
