0

I have an Android app that allows users to post comments. However, this means spammers are able to reverse engineer the service's API and create a bot to post spam messages automatically.

My research results:

  • Using recaptcha seems like a nice idea, but it ruins the user experience.
  • Limiting accounts per IP is not a good idea, because in universities and companies lots of people are using the same IP.
  • Limiting actions per account is also not a good idea, as the user can spam using a bunch of accounts.
  • The best idea I have is to randomly call recaptcha. This is a little better than the fixed recaptcha, but needs a lot of work on my side.
  • I think this is something that Hidden reCaptcha should solve in Android!

Please let me know if there is a solution for spam prevention in Android apps. Also, please tell me if I'm wrong about something.

M at
  • 4
    What kind of spam are you trying to counter, exactly? Can you rephrase your question to make clear what you are trying to express? I cannot follow your thoughts. Spam is usually email spam. Android devices are not exactly good MTAs. – Tobi Nary Nov 15 '17 at 08:14
  • @Hector I guess. And by this you mean I should accept there is no real way? – M at Nov 15 '17 at 08:28
  • 1
    There are several ways suggested in the answers to the linked questions. The fact that the client you build is designed for Android makes no difference. Most of your questions are nulled if a combination of the suggested approaches is used. For example, recaptcha on sign-up, a very high failed captcha rate from a single user/IP triggering a temporary ban (from seconds to days), recaptcha triggering on high usage per user, etc. – Hector Nov 15 '17 at 08:35
  • 5
    *"Limiting action per account is not also a good idea, As the user can spam using bunch of accounts."* - this is based on the assumption that mass creation of accounts is easy and that you have no real and fast detection of account misuse. You should probably fix these issues then. – Steffen Ullrich Nov 15 '17 at 08:36
  • Thank you all. I'll close the question. If any of you provides an answer, it will be marked. – M at Nov 15 '17 at 08:37

1 Answer

1

As the answers to this question explain, your two main options are rate limiting and captchas. You say you don't want to use these, because rate limiting can be circumvented by creating multiple accounts and captchas are bad for the user experience.

To get around these problems, how about this:

  • Rate limit posts per account
  • Require a successful captcha to register a new account
  • Develop routines to easily block accounts that are found to spam (e.g. by letting users flag spam posts)

The captcha on account creation shouldn't be too intrusive since a user only has to complete it once, and it makes it harder to circumvent the rate limiting by creating new accounts. If you need stricter measures, require a captcha on each post until a user has provided some non-spammy (unflagged) posts.

Anders
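An added example (not part of the original answer) of the policy described above, enforced on the server: a per-account sliding-window rate limit, a captcha on every post until the account has enough unflagged posts, and blocking once enough distinct users have flagged it. The class name, all thresholds, and the `captcha_ok` flag (standing in for the result of the server verifying the captcha response with the provider) are assumptions.

```python
import time
from collections import defaultdict, deque

# All thresholds are assumed values chosen for illustration.
WINDOW_SECONDS = 60        # sliding window for the per-account rate limit
MAX_POSTS_PER_WINDOW = 3   # accepted posts allowed inside one window
TRUSTED_AFTER = 5          # unflagged posts before the per-post captcha is dropped
BLOCK_AFTER_FLAGS = 3      # distinct reporters needed to block an account


class PostPolicy:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.recent = defaultdict(deque)   # account -> timestamps of accepted posts
        self.clean = defaultdict(int)      # account -> accepted posts since last flag
        self.flaggers = defaultdict(set)   # account -> users who flagged its posts

    def blocked(self, account):
        return len(self.flaggers[account]) >= BLOCK_AFTER_FLAGS

    def flag(self, account, reporter):
        # Reporters are kept in a set, so one user flagging repeatedly
        # (or an account flagging itself) cannot trigger a block alone.
        if reporter != account:
            self.flaggers[account].add(reporter)
            self.clean[account] = 0        # back to captcha on every post

    def submit(self, account, captcha_ok=False):
        """Return 'blocked', 'rate_limited', 'captcha_required' or 'accepted'."""
        if self.blocked(account):
            return "blocked"
        now = self.clock()
        window = self.recent[account]
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()               # drop posts that left the window
        if len(window) >= MAX_POSTS_PER_WINDOW:
            return "rate_limited"
        if self.clean[account] < TRUSTED_AFTER and not captcha_ok:
            return "captcha_required"
        window.append(now)
        self.clean[account] += 1
        return "accepted"
```

The decision has to be made by the API backend, since anything enforced only inside the Android client is bypassed by a bot that calls the API directly.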