Menu
In the Facebook App Settings ☞ Advanced ☞ Authentication I can pick "Web" or "Native/Desktop" as App Type. The info bubble says:
Only select Native/Desktop if you are a Native iOS or Android app, device, or Desktop app
Actually I am none of those but my app is a Native iOS App as well as a Facebook Page Tab.
Question: Which App Type should I pick?
I did some research and found the following in the Facebook Android Tutorial (under Troubleshoot):
- App type Web vs Native/Desktop. Does it matter?: No, it does not matter. However it's recommended to use the type 'Native/Desktop' for your app.
What does it mean it does not matter? That does not make sense to me. Why should I have a choice then?
I did some more research on SO and found this statement by @Igy (dev support engineer at Facebook):
If the app's type is set to 'Native / Desktop' it's assumed you distributed the app's secret key with the binary, and thus the app access token isn't trusted (and 'getAccessToken' in the PHP SDK will only work when real users log in, it can't fall back to the app token)
Finally I found this in the Facebook documentation:
Note: Applications that are configured as Native/Desktop apps will not be able to make API calls that require an application
access_token.
I do need to make API calls which require an access token from my page tab app, hence my conclusion is to pick "Web" as the App Type, although I'm having a native iOS app using the same app ID as the page tab app. But will that have any drawbacks on the iOS app?
911
The Facebook Platform is the set of services, tools, and products provided by the social networking service Facebook for third-party developers to create their own applications and services that access data in Facebook. The current Facebook Platform was launched in 2010 .
You can use Facebook to stay connected on many devices including iPhone, iPad, and Android. To see what's new with the app and install the latest version, you can go to the Facebook for Mobile page or visit your phone's app store (ex: iTunes App Store, or Google Play Store).
A well-designed mobile app can perform actions much quicker than a mobile website. Apps usually store their data locally on mobile devices, unlike websites that generally use web servers. For this reason, data retrieval happens swiftly in mobile apps.
The winnerThe Facebook application is the best in terms of energy consumption, with an overall score of 14.06 mAh to 26.33 mAh, i.e. 39% less battery consumption compared to its web version. However, the web version on Chrome displaying Facebook consumes 71% less data on the user scenario side.
TL;DR: use 'web' unless you're putting the app secret into the iOS / Android binary
The primary difference (and also the reason that it says 'it doesn't matter' while also giving a recommendation) is that if you choose 'native/desktop' mode, it's assumed that you distribute the app binary with the application secret embedded and the app secret is considered untrusted.
In this configuration, API calls which use the app secret (e.g. creating test users, making API calls on behalf of the app itself like changing app settings, posting achievements, etc) will not work.
If your app doesn't need to use the app secret / app access token, setting it to native/desktop increases the security somewhat as there's one less attack vector for your app.
If you're distributing the app secret with your code you MUST use that option or users could easily determine the app secret and hijack the app itself.
81
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
