iphone android mobile spam-prevention

Do I need to worry about spam on a mobile app?


I would like to know if spammers have the capabilities to download, crawl and spam mobile apps like they do for web apps. More specifically, is it necessary to authenticate users to the extent that web apps have to? (i.e. CAPTCHAs or verification links sent to the user's email)

Any insight you could provide or even links to other information on this topic would be much appreciated. Thanks!

Also, here is some information more specific to my scenario in case this helps:

I have an existing web app and am currently writing iPhone/Android apps as an extension of the web app. The web apps and mobile apps use the same database information.

In my web app, I require users to click a link in their email to activate their account after they fill out a "create account" form. However, I would like users to be able to create an account on the mobile app as well but definitely don't want them to have to exit the app to go check their email to click on a link. Ideally, they could just create an account on the mobile app and start using it right away.

My fear is that automated spam bots could create false accounts without any verification on the mobile apps and thus spam the site. Any logged-in user is able to add content that is viewable to everyone. Thus, even though sites like Twitter allow a user to create an account on their mobile app and begin using it before verifying the email address, if spam bots have the capability of downloading my app, creating accounts, and posting stuff, then I need to find another way.


Solution

  • Spamming from the app shouldn't be possible, or at least not sensible. At least for iPhone, you would have to have a jailbroken iOS device per spambot you want to have running. That sounds too expensive.
    As for Android, it would theoretically be possible, but not very likely at the moment. I would recommend going without activation in the beginning and just watching the site a little. You should be doing that anyway.
    What we do for our social network apps is to allow the first (but only the first) session and require activation for all successive sessions.
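
The "first session only" rule from the answer above can be enforced on the server, as in this added sketch (not part of the original answer or the answerer's code). The `Accounts` class, `SERVER_KEY`, the in-memory store and the HMAC-based activation token are assumptions for illustration; password checks and session expiry are left out.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumed server-side secret for activation tokens


class ActivationRequired(Exception):
    """An unverified account asked for a second session."""


class Accounts:
    """Hypothetical in-memory stand-in for the database shared by web and mobile."""

    def __init__(self):
        self._users = {}  # email -> {"activated": bool, "sessions_issued": int}

    def _activation_token(self, email):
        return hmac.new(SERVER_KEY, email.encode(), hashlib.sha256).hexdigest()

    def register(self, email):
        if email in self._users:
            raise ValueError("account already exists")
        self._users[email] = {"activated": False, "sessions_issued": 0}
        # In production this token goes out by email only; returned here for the demo.
        return self._activation_token(email)

    def activate(self, email, token):
        if email not in self._users:
            return False
        expected = self._activation_token(email)
        # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
        if not hmac.compare_digest(token.encode(), expected.encode()):
            return False
        self._users[email]["activated"] = True
        return True

    def start_session(self, email):
        user = self._users[email]
        # The counter lives on the server, so reinstalling the app does not reset it.
        if not user["activated"] and user["sessions_issued"] >= 1:
            raise ActivationRequired(email)
        user["sessions_issued"] += 1
        return secrets.token_urlsafe(32)  # opaque session id handed to the app
```

Because the gate sits in the shared backend, it applies equally to requests that never came from the mobile app at all.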