Apple Requirements: Blocking Users with Firebase in a User-Generated Content Social Media App

[Edison Espinosa]

So, I finished about 80% of my app and was going to submit to start Beta Testing my app.

When I was hit with this message after it being rejected:

Your App Enables the display of user generate content, but does not have the proper precautions in place

To resolve this issue, please revise your app to implement all of the following precautions:
Require that users agree to terms (EULA) and these terms must make it clear that there is no tolerance for objectionable content or abusive users (This is done.)

- A method for filtering objectionable content (How would I do this)
- A mechanism for users to flag objectionable content 
- A mechanism for users to block abusive users
- The developer must act on objectionable content reports within 24 hours by removing the content and ejecting the user who provided the offending content

I've been trying to find things for this, but I've been rather unsuccessful.

Have any of you done this? Are there projects, Out there, that I can see how this is done? Any help or guidance would be huge.

[Kato Richardson]

Hi Edison,

Our codelabs cover some image moderation techniques using this sample.  That's probably a great starting point.

Providing a way to flag objectionable content should be a straightforward UI task.

Blocking objectionable users could be accomplished by storing info in the DB for use in security rules and/or adding custom claims to the auth credentials.

☼, Kato

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/902c675b-c5a0-4a9e-b527-e1bd05eb88c3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Kato Richardson |

Developer Programs Eng |

kato...@google.com |

775-235-8398

[Edison Espinosa]

Thank you so much! I will see what I can do with this.

This might be exactly what I needed.

[Edison Espinosa]

Kato, I managed to implement the image moderation. 

I'm having trouble now with blocking users.

The adding custom claims i feel isn't the way.

My app is just like any other social media app, in which you block users on your own without the need of an Administrator.

so the logic, would be just to not see the other's content (posts, allowed to find in search, and allowed to message).

how would i store that info in DB, and update the security rules.

i figure storing that info, would be the same as blocking correct?

i already build following into my app and could create a blocking node

but again i don't want to revoke the blocked user's access to the app, just to seeing that one users info...

{

  "rules": {

    ".read": "auth != null",

    ".write": "auth != null"

  }

}

On Tuesday, April 24, 2018 at 3:40:11 PM UTC-4, Kato Richardson wrote:

[Ios Dev]

For moderating text, you could use the bad-words npm package - it works well enough for me.

For blocking users, couldn't you maintain some kind of block map between pairs of users like

blocks: {

  userId1: {

    blockedUserId2: true,

    blockedUserId3: true

  }

}

This would mean that blockedUserId[2,3] could not post a comment on something that userId1 created, nor could they message userId1.  Even further, when userId1 was viewing posts by other users, they wouldn't see any comments by blockedUserId[2,3] or see blockedUserId[2,3]'s authored posts, but this is really more like "muting" than blocking.

Wouldn't this be easy enough to do with validation rules or with firebase cloud functions?

Good luck and let us know what you figure out.  :-)

[Edison Espinosa]

so i actually built out some nodes about blocked users and all of that. See the image.

Now, i'm very new to swift &  programming  and firebase.

So i'm not quite sure how to use firebase security rules, cloud functions are a bit harder.

now this is what i tried with validation rules/security rules, but when i implemented this, i couldn't see anything for no user. except their profile image. not even the user who was logged in and who had nothing to do with being a blocker or blocked, could see any info. 

So, any tips on how i can structure my database security rules, would be huge

{

  "rules": {

    "users": {

      "$user_id": {

        // only messages from the last ten minutes can be read

        ".read": "auth != null && !root.child('blocked/'+$user_id+'/'+auth.uid+'/true').exists()",

        ".write": "$user_id === auth.uid"

      }

    }

  }

}

[Cory DesignedIt]

hey Edison I seems we are on the same path do you have any tips or advice on how you accomplished this task. I just received the same rejection from apple. so far I've managed to implement the Eula requirements but now im stuck.