I found an application & they are using Device Identity as user login. After uninstall & install its showing same DeviceID.
When I test this app on my android device. The device identity doesn't match with this String.
String android_id = Settings.Secure.getString(this.getContentResolver(),
Settings.Secure.ANDROID_ID);
But when I tried this on android emulator string matched with that app device ID.
But in my physical Device....
Showing on that app: 93edad60438f8004
Getting String Device ID: 5f1cf6393c37ae96
How can I get device ID as that application?
That App on Emulator
Emulator Device ID
As of Android 26, every app on the device gets told a different Android ID for privacy reasons. This prevents companies from being able to share data on a user without his permission by just correlating the device id.
Also, a device id should NEVER be used as login credentials. I can get a version of Android that allows me to claim whatever id I want on an emulator with a quick recompile of AOSP. It can be spoofed way too easily. If you need to be able to log in a device, use a randomly generated key from your server and encrypt it with a key stored in the keystore. Do not count on an hardware identifier. They can be spoofed, and just as importantly you can't revoke them without breaking the user's ability to use your app. With a randomly generated token you can invalidate it server side and the user just has to log in again.
Related
I understand how to authenticate users via Fingerprint Authentication using Android SDK. But it only tells if the fingerprint matches one of the enrolled fingerprints or not - i.e. a boolean.
I want to make it so that it gives me the fingerprint image as well, so I can extract the information against that fingerprint, i.e. userId, name, etc stored in the database.
For example:
I have 3 users: Admin, Teacher, Student.
I should be able to use the built-in fingerprint reader to be able to determine if the user is identified as an Admin, Teacher or Student, and give the app access rights accordingly.
The app will be deployed to only ONE device that is accessible to all users, so the application should be responsible to control the limit of number of fingerprints that can be registered.
Is it possible with the built-in fingerprint reader of the device?
I want to make it so that it gives me the fingerprint image as well
That is not supported by Android's fingerprint APIs, for privacy reasons.
I should be able to use the built-in fingerprint reader to be able to determine if the user is identified as an Admin, Teacher or Student, and give the app access rights accordingly.
Each of those individuals should have a separate device account. Then each of them has a separate copy of your app, in effect. So long as each of those accounts get configured in your app with the proper role, the identification process is handled for you by the OS.
Can we use the FingerprintManager in Android M (API 22) to identify (along with authorize) the user?
For example, there are two finger prints registered in the device, one for user A and one for user B. Does the API provide support to detect which user, A or B, just logged in?
No. In fact, the Android Compatibility Definition for Android 6.0 states in the Fingerprint section (7.3.10):
MUST NOT enable 3rd-party applications to distinguish between individual fingerprints.
Therefore while you could write an app that uses the fingerprint as a mechanism to authenticate the user, any registered fingerprint associated with the current user account could be used.
Android Fingerprint method does not provide fingerprint name or Any unique identity. it treated each registered fingerprint equally and just authenticate only. (valid user or invalid user that's it)
Storage
The fingerprints are tied to the device (from the Nexus FAQ):
Your fingerprint data is stored securely and never leaves your device. Your data is not shared with Google or any apps on your device.
Therefore there is no way for an app to access the fingerprint data to be able to save it or use across the devices.
Suggestion :
To distinguish multiple users or devices, you should use external fingureprint scanner. There's some external fingerprint scanners compatible with Android Platform and with SDK for Android. These SDKs allow to enroll and verify multiple users.
i want to know does the android device id change when the android version is update to latest. If it changes, how can i get notified about the version change.
This may no longer be a correct answer. The following from https://android-developers.googleblog.com/2017/04/changes-to-device-identifiers-in.html
Android ID
In O, Android ID (Settings.Secure.ANDROID_ID or SSAID) has a different value for each app and each user on the device. Developers requiring a device-scoped identifier, should instead use a resettable identifier, such as Advertising ID, giving users more control. Advertising ID also provides a user-facing setting to limit ad tracking.
Additionally in Android O:
The ANDROID_ID value won't change on package uninstall/reinstall, as long as the package name and signing key are the same. Apps can rely on this value to maintain state across reinstalls.
If an app was installed on a device running an earlier version of Android, the Android ID remains the same when the device is updated to Android O, unless the app is uninstalled and reinstalled.
The Android ID value only changes if the device is factory reset or if the signing key rotates between uninstall and reinstall events.
This change is only required for device manufacturers shipping with Google Play services and Advertising ID. Other device manufacturers may provide an alternative resettable ID or continue to provide ANDROID ID.
Device ID is a 64-bit number (as a hexadecimal string) that is randomly generated on the device’s first boot and should remain constant for the lifetime of the device, though the value may change if a factory reset is performed on the device.
The device ID does not change when the Android version is updated to the latest version. If you want to change your device ID then visit here.
Yes it changes,
I found that device ID changed in my case. In my app each device is connected with my database for certain special tasks, varies device by device and I uniquely identify each device by Settings.Secure.ANDROID_ID which gives me device unique ID.
But I found that that it changed on one of Samsung android device and disconnected from Database Server.
I need to install my app only on some devices and does not allow installation on another devices.
I thought that maybe I can pair a unique ID to install apps.
I can do this?
How I can block the installation of a single application on some devices?
You cannot control app installation based on Device Id (IMEI) either by google play store or direct install... However you can check at the start of the launcher activity, you can check that the Device Id (or Imei) is in the list of imei you are allowing... Then allow user to use the apk... ELSE finish() the launcher activity... You can also give message to user stating "Unauthorized access" or something similar...
I thought that maybe I can pair a unique ID to install app
There's no platform provided, reliable uniquie ID of the device.
How I can block the installation of a single application on some devices?
You cannot block installation on device - as long as device meets your manifest requirements (screen, libs, platform version etc) user will be able to install your app.
Google provides you with this option also. If you have an account in the developer console of android, in the apk column you can see the list of devices your app supports. Out of that you can deselect the ones you don't want in your list.
At the time you are uploading the apk to play store, its very easy to deselect the devices you don't want your app to run on.
I have developed one application and created the apk.Now I want to avoid the piracy of that application means if I have installed the apk on my device and if i am trying to install same apk on another device then it should not be get installed on another device. Is there any way to do it ?
well what you are looking for is personalized APK, means for each device you have to build once APK and in that you need to put logic that the APK can be installed on only one device; So to do that you can give one NUMBER in APK and after installation you can call a webservice to store that NUMBER in cloud database.
After every installation you need to do two things...
Query database using Webservice that perticular number is already store on clooud if yes then set a flag which never allow user to see the application data again...
If now found store that on server.
THis is just logic you need to think WHY YOU NEED UNIQUE APK FOR EVERY DEVICE?
If you want to do without Webservice and cloud DB you can use GetDeviceId() it returns the unique device ID, for example, the IMEI for GSM and the MEID for CDMA phones. Return null if device ID is not available.
So in your APK you need to check IF XYZ == GetDeviceId() Result then allow user to access the APPS; else write message that you are not authorise to view this.
For this you need to build APK after inquiring your USER about their DeviceID()