| Pocket MAL & MALClient no longer work and the official app still sucks. |
PsychoticDaveMay 24, 2018 6:00 AM
| mal disabled their api so apps can't communicate with the main site anymore. also part of the mass password reset event earlier. iatgof said for their app, mal hasn't given any info on when it will be resolved |
 |
| Please contact DeNA's Customer Support for information. |
| I encourage all to contact customer support. Disabling api may not be serious for some, but it is for me. |
| I can confirm that MAL is not providing any info on when things may be fixed for third party applications. If you don't like the situation, the best option is to flood Customer Support, which is handled by owner DeNA with issues. Remember to be polite if you do write, the people answering the tickets aren't responsible for the situation. The idea is to show demand for a fix, not vent anger. |
| Developer, sysadmin, and anime addict. Have an Android smartphone? Try Atarashii! |
motoko said: I can confirm that MAL is not providing any info on when things may be fixed for third party applications. If you don't like the situation, the best option is to flood Customer Support, which is handled by owner DeNA with issues. Remember to be polite if you do write, the people answering the tickets aren't responsible for the situation. The idea is to show demand for a fix, not vent anger. I already did when Kineta said to. I just said third-party applications can no longer connect and MAL isn't as convenient as it was. |
OK thanks, I've done that. If you come across an ETA on when third party aps would be restored, that would be greatly appreciated if you could share it with us! |
| Funfact: You at least still can check when your friends were on last time ... And the recent anime you added via the page is also updated. Just most important part of those apps obviously being involved. |
Shishio-kun said: Zero ETA. It's indefinite. OK thanks, I've done that. If you come across an ETA on when third party aps would be restored, that would be greatly appreciated if you could share it with us! |
 |
Tyrel said: Shishio-kun said: Zero ETA. It's indefinite. OK thanks, I've done that. If you come across an ETA on when third party aps would be restored, that would be greatly appreciated if you could share it with us! Ouch! Thanks though for the update. Indefinite is better than permanent! |
Indefinite is a nice way to say "permanent" when you're leaning that way but don't want the blowback as hard. |
| Developer, sysadmin, and anime addict. Have an Android smartphone? Try Atarashii! |
motoko said: Indefinite is a nice way to say "permanent" when you're leaning that way but don't want the blowback as hard. lol yeah. Getting flashbacks to craveonline and the img-kun incident |
| Well damn.. SO no idea when the app/apps will start working D: |
 Check out~ ♥ Some quality AMV:s made with love ♥ My Youtube |
Steeljackrabbit said: motoko said: do you know that as a fact or is that pure conjecture?Indefinite is a nice way to say "permanent" when you're leaning that way but don't want the blowback as hard. Conjecture with a bit of experience with the service. Call it an educated guess. There's a lot of difference between "We don't know when or if it's coming back" and "We're working to restore access as soon as possible". Both are indefinite, but only one shows an actual intent to fix things. MAL has provided the equivalent of the first one to developers. |
| Developer, sysadmin, and anime addict. Have an Android smartphone? Try Atarashii! |
Steeljackrabbit said: I'm just really irritated with this decision. Us developers are pretty irritated too, especially ones with active applications that then get a ton of nasty messages over this. Keiggard said: It's a decent guess, this is the danger of building on someone else's platform they can pull the plug at any time. Typically that is made known upfront or a warning is given. That's the irritating thing. They had actually been working with several third-party developers to build a modern improved API, and even had it open for testing before suddenly closing it a few weeks ago. Now they did this without warning. I mean, if that outreach hadn't happened and everyone was still stuck with scraping HTML and using the ancient "API", then it may be a bit more understandable. With the recent actions they have taken, it feels like malicious betrayal, even if it is not. Unfortunately, there seems to be a gag order, so that leaves conjecture to set the narrative, and that conjecture is very negative. |
| Developer, sysadmin, and anime addict. Have an Android smartphone? Try Atarashii! |
| great malgraph doesn't work too. |
 |
| Definitely it is NOT intended to encourage users to use the crappy official version at all. |
drefann said: Even if that were true, they could have simply asked the Developers of Third Party Apps to create a Pop-up Message where the Users have to tick a Checkbox or something that they agree that in order to continue to use their Service, they'd need to grant the respective App Access to their Lists. Something the Users have already implicitly agreed upon using the Apps, but getting an explicit Agreement shouldn't be impossible to implement. My guess is that this might be related to GDPR. I'm not a programmer, but I assume the API does checks on the account info provided or however it works? |
NoboruMay 26, 2018 10:54 AM
drefann said: motoko said: Us developers are pretty irritated too, especially ones with active applications that then get a ton of nasty messages over this. That's the irritating thing. They had actually been working with several third-party developers to build a modern improved API, and even had it open for testing before suddenly closing it a few weeks ago. Now they did this without warning. I mean, if that outreach hadn't happened and everyone was still stuck with scraping HTML and using the ancient "API", then it may be a bit more understandable. With the recent actions they have taken, it feels like malicious betrayal, even if it is not. Unfortunately, there seems to be a gag order, so that leaves conjecture to set the narrative, and that conjecture is very negative. My guess is that this might be related to GDPR. I'm not a programmer, but I assume the API does checks on the account info provided or however it works? Bottomline is that the owners of MAL are basically sharing our account info and probably got caught offguard (even though all this has been announced several years ago). They don't have an instant solution at hand so the fastest solution for now to avoid a penalty of up to $20 million is to cut off acces to the API and have us do the password reset. This is all guesswork, but seems believable this is all related. It might be, but I'm not entirely sure it is. Their API authentication layer was already pretty weak to begin with, and if you notice when you reset/recover your account, they actually send you a password to enter in (i.e. cleartext). Typically, passwords in databases are stored as a hashed/encrypted representation of what you type in so that malicious users can't steal account passwords and use them elsewhere. I imagine that because in the past, MAL had very weak password criteria, they started cracking down on people who had weak passwords. However, the way they've gone about it has been pretty amateur. Their initial attempt was to try to "lock" people out of their accounts if they made incorrect attempts at entering their password by banning them. However, the ban was done at the IP address level, which is really easy to manipulate if you know what you're doing (i.e. change from WiFi to cellular, route through a VPN or proxy). Then, they tried enforcing multiple rules for passwords, but didn't force people to reset them like they are now. And now here we are, watching them try to get people to reset their passwords, but still sending "new" passwords in cleartext. It's really insecure, and I suspect that's the main issue they're dealing with. Using their old API, you could easily do what I just mentioned to try and brute force yourself into a user's account. Their old API used simply username/password authentication, which is inherently insecure to begin with. The new API we (third-party devs) had been working on with them used a more modern approach to authentication. Kind of sad seeing MAL not say anything or disclose their breach while leaving us in the trenches, dealing with upset people complaining that our apps don't work. |
| "Happiness comes in different forms. If you believe that you're happy, you'll be happy." - Haruhi Suzumiya, The Wavering of Haruhi Suzumiya |
| The lack of communication with the users is disturbing. |
  |
It feels like the rest of the internet is moving on, year by year, and MAL's still stuck in it's own bubble back in 1999. or something. R.I.P. Pocket Mal and all else. :/ Hope to use you again sometime. |
 |
| I hope they fix it soon. I feel so helpless without my MAL App. Mostly I watch Anime at my phone or TV, and without working App it's hard for me to track my List ;_; |
 |
| does taiga work yet? |
 |
More topics from this board
Sticky: » Inactive Username Request Thread ( 1 2 3 4 5 ... Last Page )Kineta - Sep 21, 2015 |
3403 |
by nanoeiai
»»
6 hours ago |
|
» Help with my mal supportershelbyditz - Yesterday |
1 |
by pichipichiHiro
»»
12 hours ago |
|
» Profile veiwsOshieteoshiete4 - Yesterday |
2 |
by Oshieteoshiete4
»»
Yesterday, 8:06 PM |
|
» Continually getting notifications on app from anime I do not have favoritedEverySportsAnime - Yesterday |
1 |
by machy871
»»
Yesterday, 2:14 PM |
|
» How to mark/save interest stacks for later?Tannenbusch - Yesterday |
5 |
by Tannenbusch
»»
Yesterday, 2:11 PM |