Android Cookies (Reward for Invites)

Question

I am trying to integrate 'reward for invites' logic. What I am trying to do for this is I generate a unique URl for every user. When a friend clicks on the URL he is directed to a page and then to the playstore. On the page, a cookie with the unique id is stored on the device.

Note - (User may open the link in any browser)

When the app on the device starts, I fetch for the cookies that was saved using above and if available send the same to the Server where the user is easily identified and rewarded.

This looked pretty straight forward, however I am stuck at the point where I have to read the cookie and extract the id.

I read this which says it isn't possible. :( I also tried the below

List<Cookie> cookies = new DefaultHttpClient().getCookieStore()
            .getCookies();
    if (cookies.isEmpty()) {
        System.out.println("None Cookies");
    } else {
        for (int i = 0; i < cookies.size(); i++) {
            System.out.println("Cookie - " + cookies.get(i).toString());
        }
    }

but no luck. I keep getting "None Cookies".

My Questions:

1. Is it possible to read the cookie that was created? If yes how?
2. If no, any alternative on how I can achieve the above functionality?

Thanks for stopping by.

Answer 1

I found an alternative to my above requirement using Campaign Measurement.

This can be done in 3 simple steps in addition to integrating google-play-services_lib.

1. Create your invitation URL.

   Which will be play-store url + your unique code. For example my code is ABCDEX52362XYZ then the url will look like https://play.google.com/store/apps/details?id=com.app.yourappspackagename&referrer=utm_source%3DABCDEX52362XYZ

&referrer=utm_source%3DABCDEX52362XYZ is the important key here. More details about creating this URL is here.

Google says -

When your app is downloaded from Google Play Store, the Play Store app broadcasts an INTENT_REFERRER to your app during installation. This intent contains the value of the referrer parameter of the link used to reach your app's Google Play Store page, if one was present.

2. Add the Google Analytics receiver to your AndroidManifest.xml file

   <receiver android:name="com.app.receiver.ReferrerCatcher" android:exported="true">
       <intent-filter>
         <action android:name="com.android.vending.INSTALL_REFERRER" />
       </intent-filter>
   </receiver>
   

3. Create ReferrerCatcher broadcast receiver to capture the invitation code.

    public class ReferrerCatcher extends BroadcastReceiver {
   
    private static String referrer = "";
   
    @Override
    public void onReceive(Context context, Intent intent) {            
   
       referrer = "";
       Bundle extras = intent.getExtras();
       if (extras != null) {
           referrer = extras.getString("referrer");
           if (referrer != null) {
   
               String invitationCode = referrer.replace("utm_source=",""); 
   
               //referrer is your code plus the google keys, so you need to handle it          
   
           }
       }
   
     }
   
   }
   

Hope this helps. Happy coding. :)

Answer 2

Interesting concept.

As for #1, you'll be violating Android default security protocol where apps cannot read another apps private data. That includes all browser on Android with their cookies are isolated from each other, including your app.

For #2, why not instead put a short pass-phrase (which is easy to remember. Take a cue from gfycat url generation, though maybe try to limit the scope and word size) on that single "success" or "rewards earned" page before redirecting to Play Store? (Not sure if you can embed the play store page in an iframe tag).

Even better, if the url directs to your app landing site but toggles certain element on the page to reveal the passphrase and maybe makes the download button more attractive (even though it just links to the play store page).

User can then use the short unique passphrase to unlock rewards in the app.

I do see great novelty in your idea but this is just a suggestion of course since you can't do much to get around the security policy.