I've created a publicly shared survey in AGOL and have been looking at it to see if there are any security issues with which we need to be concerned. I've changed the permissions on the _fieldworker view as follows:
- "Only add new features"
- "Editors can't see any features, even those they add"
- "Only add new features, if allowed above (requires tracking)"
Opening the Service URL to look at the ArcGIS REST Services directory for the _fieldworker view, The Supported Operations for the service show "Add Features" and "Apply Edits" available. Given the permissions above, would an anonymous user be able to write code to submit new surveys?