I am using a variety of mobile device clients such as Blackberry, Android, Windows Phone iPhone. At the moment I am focusing on Windows Mobile 6.5 (I know it is dated but I actually have one of these phones to test with).
I want to be able to register the app installed on the device with my web server. Now, I could just let the User create a Username+password combination but I thought It would be cool that the registration/activation process would involve telephone number or/and IMEI being automatically (in code) sent to my server. The benefits of this are obvious, seamless registration and as an added security measure in case the phone was lost/stolen.
Now,I know all about SMS gateways and I guess I would probably have to pay for this service to do what I want - or just let the User enter their telephone number in the login page. I also know that you can send emails to some telephone providers (not all).
Does any one have any knowledge of any free SMS gateways for small business use or pay-as-you-go service or/and clever way to register a telephone number with a web site either via GPRS or SMS?
Additionally, any knowledge of where to look to get the IMEI/UUI of the phone in code? It has to cover different devices so a generic way is a must (which rules out OpenCF).
I appreciate it is highly unlikely that are solutions to this without using a SMS gateway provider but there are some clever people on this site so open to ideas.
Thanks
The IMEI (and phone) number is locked down in the Windows Phone 8 API (for security reasons) so, if you want to make your solution future proof - you are going to have to force the user to find it on their handset and type it in manually. Other platforms (or previous versions of Windows Phone) may not be so strict on this.
Related
Good day fellow code ninjas,
I am attempting to make my Xamarin forms application be device unique in the sense that you are not able to login with your credentials on any device other than the one you initially installed the application on.
I have deduced that I should be using a guid for this purpose. I have searched online but I'm not able to find much of a guide on how exactly to use a guid to recognize a specific device.
Are there perhaps any resources related to this or any examples of code used to accomplish this?
There are a few layers to this question, firstly:
Can I Uniquely Identify A Device? No
You won't be able to get truly uniquely identifying information about the device such as UDID, IMEI. This is enforced by the platforms (iOS & Android) as a way of protecting users sensitive information.
This process is called Fingerprinting. There are 2 cases that the platforms want to avoid: Advertisers tracking users across apps, Malicious use of unique id's to target a user. In older versions of iOS & Android there were more API's to use to uniquely identify a user but they are being phased out as privacy & security have become greater concerns for mobile users.
What Are My Options?
Lets accept that we can never truly uniquely identify a device, there are some tricks we can use.
Secure Storage
You can generate a guid and place it in secure storage on the devices keychain. This keychain value can be persisted even if your app is uninstalled. You could use this approach to check if the app is unique to the user. There are pitfalls with this approach, it's not perfect but it's the approach myself and many other's use.
It is worth mentioning the behaviour across devices is very inconsistent. The iOS keychain can be backed up to iCloud (if encryption is enabled). Android devices can use slightly different standards across API levels & vendors.
iOS - identifierForVendor
iOS will generate a guid when you install an app, you can use this value instead of generating your own. See the documentation here.
The 2 drawbacks here are you'd need to implement this on a platform level and if they user deletes all of your apps, the guid gets deleted and a new one is generated when they reinstall the app:
The value in this property remains the same while the app (or another app from the same vendor) is installed on the iOS device. The value changes when the user deletes all of that vendor’s apps from the device and subsequently reinstalls one or more of them. The value can also change when installing test builds using Xcode or when installing an app on a device using ad-hoc distribution. Therefore, if your app stores the value of this property anywhere, you should gracefully handle situations where the identifier changes.
Edit 1:
Add further clarification: Explain fingerprinting & highlight some platform nuances
My boss has charged me with the task of finding how to integrate WeChat into our photobooth's "Total Share" section.
Our photobooths work under windows and their software is a mix of Java and a PHP web API installed locally, that then connects to a web service.
The intention is to give the user the option to, when their picture is done, get a copy of it via WeChat (I guess that by introducing it's phone number)
Through my searches I've found a WeChat JS-SDK, but that seems to connect sites you are watching on your phone with your actual WeChat app so it doesn't work in my case.
The other source I have found is the Official Account Admin Platform, but I'm not really sure if this would allow me to do what I need. As far as I've seen, the Official Account can send messages in response to a trigger (that would work for me, send a message when the user clicks on the button), but it also seems to need that they "subscribe" (in a way) to the Official Account, and secondly I'm not sure how can this be automatized.
Especial mention:
I'm a junior developer, so API integration is a bridge I haven't crossed yet, and as such I'm utterly lost.
Is it possible to get the functionality I require? If so, what are the steps to do it?
You don't need to make a fully fleshed tutorial to write an answer, just knowing in what direction should I go, and maybe some possible caveats that more experienced developers may be able to foresee, would be great.
Thanks.
When I receive a push notification in my j2me application it shows its built-in message at start, what I want to do is to place my own message say "Do You Want to Launch App?" when a notification of invoking application is received! How to change it?
It is unlikely that application developer would be allowed to do stuff like that in the real phone, and here's why.
This functionality is a part of security sensitive features (if you're interested in details, check documentation like The Recommended Security Policy for GSM/UMTS Compliant Devices).
If this would be allowed, malware applications could transform not just wording but the very meaning of a standard system message, thus tricking user into doing something wrong.
For an example, imagine an application doing tracking of user location, or sending paid SMS, or something similarly sensitive to one's privacy or budget, having mentioned message changed to:
Click Yes to win million dollars.
As a phone user, the last thing I would want of my device would be to allow tricks like that.
I am building application that needs to interact with users without accounts and keep track of them. I know OpenID is great and easy and I've used it in almost all my apps, but accounts are not option even those that user is likely to have like Facebook, Google, Yahoo account, etc.
Any coding language is acceptable (but asp.net, JavaScript or Flash would be best, or a combination).
So my plan is to use cookies...but cookies are so easily removed (I really don't count it as reliable identifier)
IP address...well this is efficient even trough proxies, but if someone uses dynamic IP like my whole country this also becomes unreliable
Flash cookies are fine, but I recently read an article describing Mozilla Firefox History-cleaning system gets rid of them too, I need confirmation for this.
Browser Fingerprinting - I don't know how reliable it is since anyone that knows little of any language that can send HTTP requests can spoof it (client string at least).
If anyone knows of any other methods from the ones I listed, or want to correct me in my list feel free to reply.
I am developing a flex 4.5 web based application and I need to make sure if the client chooses a certain level of security, each user can log only from an authorized computer.
So the question is how can I get some unique computer information? Anything like HDD serial number, CPU specifications, motherboard information, even the user that is logged into the Operating System can do.
So far the information on the web isn't giving me much hope that this can be achieved, but I had to ask.
Thanks in advance.
I suppose the only option available for web application is to create unique id from fields of flash.system.Capabilities class.
Other strategy which can be used is to generate unique UID in process of computer's authorization and then store it in local storage using SharedObject. Then web app tries to read authorization data from SharedObject on web app start. If there is no such data computer isn't authorized.
Richard is right. For security, unique identifying information is not available for applications running through Flash Player. You could write an Active X control (for IE) or a plugin (for Mozilla based browsers) to obtain additional information for your app if users (and their IT administrators) allow it. Information available will vary depending on the browser and operating system the user is running.
Adobe Air, on the other hand, allows access to additional network information including MAC address in the NetworkInfo class. Maybe it's worth considering an installed client app for users who require the additional security. Take a look at: http://www.adobe.com/devnet/air/flex/articles/retrieving_network_interfaces.html
This is not easy using a browser based Flex application, but there are some workarounds.
The browser based Flash Player can communicate with an AIR app on the desktop using localconnection. So, you could create an AIR app that utilizes NativeProcess to retrieve your machine specific information.
You could also use NativeProcess from a AIR app without using the browser at all.
A third option would be to install an application server on the client machine and have the browser based app communicate with the server to retrieve the client information.
I consider most of these options too difficult to be practical, but it depends on how important this feature is to you.
The Flash Player security sandbox will not let you read anything unique about the system on which the SWF is running, so I'm afraid this is not possible. The closest you will get is likely Capabilities.serverString along with maybe IP address, but the serverString property just lists all the capabilities of the client, which is obviously not a unique thing, and also might change from time to time for the same computer.
Warning: my knowledge of server-side scripting is limited to say the least.
This isn't a technical solution, but rather a different approach to your problem.
An alternative solution to would be to inspect the raw packet at the server in order to obtain data such as the IP and MAC address. Based on this the server can then deny or allow the login attempt.
I am used to working on embedded web servers running on micro controllers where C-based black magic is rather common, so I am not sure if this is possible or practical in a more traditional environment.