0

I've got an OS X app that I'm distributing outside the App Store. Currently, users go to my website and download a .zip file which contains the code-signed app within. It's very important to me that users don't have to register or create accounts to use my app.

My problem is I'd like to build out referral codes into my app as a way to encourage sharing. Ideally the flow would be something like:

  1. User A opens the app and goes to a menu option to get a unique referral link based on a UUID (to avoid collisions).
  2. User B goes to the unique referral link and downloads the .zip, which is a specially crafted version of the app that contains the referral code. Magic referral behavior is unlocked for User B.

I'm not really concerned about users cheating the system since the code is open-source and the app is free. But since the app is code-signed I can't change it at all (and I definitely don't want to go down the rabbit hole of trying to get my Heroku server to inject a referral code and then re-sign the app), but I'm not above sneaky things like adding the referral code to the name of the app, re-zipping it on the server, and then having the app inspect its own name to extract the referral code.

That, of course, is ugly.* Are there other ways I can cleverly add the referral code to the file metadata? Or is there some completely different approach I can take to otherwise achieve my goal? No solution is too hacky!

* Ugly to the user, that is. We're way past the point of worrying about ugly architecture.

JacobEvelyn
  • 3,901
  • 1
  • 40
  • 51

2 Answers2

1

How about not zipping the app until the referral link is called. Generate an external file with the code and zip that with the app then redirect to download the newly created archive. This is relatively easy using server side scripting. You can embed the code in the file and name the file consistently every time so that when downloaded, the app looks for the file, extracts the code as necessary and deletes the extraneous file.

Jon
  • 1,469
  • 1
  • 14
  • 23
  • Nice thought. I had thought about that earlier but thought it was too risky (what if the user is confused by the extra file and deletes it?) and a bit ugly. In retrospect though it probably hits the sweet spot of providing a decent user experience without resulting in ridiculous code. – JacobEvelyn Sep 30 '15 at 11:42
0

After some experimentation, it appears that among all of the metadata present on files, the only field that's reliably set on different systems (since my Heroku servers don't run OS X) and reliably preserved through the zipping process is the touch timestamp.

I haven't quite gotten the code to completion yet but the current plan is to have the server modify the timestamp of the .app before zipping, and then the program inspects its own timestamp to find its referral code.

If that doesn't work I'll probably go with @Jon's solution above.

JacobEvelyn
  • 3,901
  • 1
  • 40
  • 51