(Discussion) Possible bans with our authtoken aproach

[jakubsuchybio]

I was just thinking of possible problem with our aproach in storing authtoken:

• When you store authtoken, it acts as if you logged in once until the token expires. Now when we close the app, and enter in before 30minutes at some distant location(like traveling in car could make 50km diff), when token expires, then to the niantic this looks like teleport maybe?
• Shouldn't we always at suspension and closing be logging out to prevent this?
• Or in future support background worker to allow suspended app still run in background thread, so position and other things will be still updating?

[robertmclaws]

I don't think Niantic has a background worker on iOS, so I don't think we should have one either. I'm not sure whether their code logs out on suspension or disconnect, either. What I DO think is that we need to have protections to make sure we're not accidentally spamming their API. Situations like here ST-Apps/PoGo-UWP#884 are a good example... making sure we only try to re-login a certain number of times before we tell you to try again in a few minutes.

[jakubsuchybio]

Well I read about some wrist thing. It has just one button and some color LED and you can actualy log into Pokemon Go and gather pokestops with one button and also catching pokemons with it... That's crazy cheating to me for some $$$...

However I too think that android doesn't have this functionality, so we should probably just stick with logging out and saving credentials for next openning and logging in again.

And I agree, that we should make these logins with timers to protect our users.

[ST-Apps]

The new login/session handling should deal with those issues, but I need more testing.

[DarkAngelFR-zz]

Only ban I'm aware of by some people I fully know and trust : they used some bots and/or IV calculator websites with their account.
One guy told me he got ban with no cheat and playing only on his iPhone, then after talking turns out he logged once on a website with his account to have those hidden info on pokemon.....
From start of PoGoUWP I'm using two accounts (one for play, one for dev) none got banned. The dev account is teleporting a lot and almost never connect to official app, the play one is sometimes being used on android (to clean inventory).

I'm not sure ban comes from our app, anyway good to protect as much as possible (@ST-Apps if you need specific testing do not hesitate 😉)

[ST-Apps]

@WallyCZ found out some differences between the original client and our app, he's working on it.