I am facing a difficult situation. Users on my app sign up using their phone numbers. Some users are bad actors whose accounts we ban. But they keep creating new accounts with new phone numbers. Because you just need an OTP to sign up, they ask their friends, family etc for the OTP and sign up.
But almost always they have the same device. Is there a way to identify a device and block functionality on it. I know that hardware identifiers like IMEI are reserved for system apps and special purposes only.
Is there any other recommended way of blocking such behaviour? Which identifier should I use? Please help. Because of these users my genuine users are churning. :(
I will publish paid app for android and ios. I want that one account can only install and run on one device. Otherwise I want to block the app on first device. Is there any way to do this?
Note: I know there is a lvl for Google Play. But I am not sure, it does this exactly. Sorry for my english.
What you seem to need to do, is to get the device_ID and pair it with the account.That shouldn't be hard.
You get the device ID when your customer registers ,than at login you check the login credentials AND the device ID...
Here's pretty much all you need regarding the device ID (not the login,I trust you can handle it yourself)
How to get unique device hardware id in Android?
I'm making an app, which I will distribute via playstore. However, though the app can be installed by anyone in the world, it can only run for selected users who I know.
Below are the possible ways I have figured out,
Check the account E-Mail ids on the phone and if that matches with the one's saved within the app code.
Check the mobile number on the phone and see if that matches with the one's saved within the app code.
When the app runs for the first time, it will send an SMS to my phone. I will reply to that SMS either saying YES or NO. If I reply YES then only the app will run for that user, else it will not.
I would like your feedback on these mechanisms. If there are other ways let me know about that too.
Thanks...
I think your best options are:
Make users log-in using an e-mail and a password (you could ask the user to register and if he uses an e-mail that is known to you, send a password to that e-mail [make the user change it later though])
Beta testing - This allow you to choose wich users will be able to install your app by creating a community on Google+ to beta test your app.
Maybe both.
I develop mobile cross-platform games (for iOS,Android and WP).
I want to know the email or the phone number of the people who bought my app from the iOS,Android or WP store, for using these informations for authentication purpose.
Waiting for your valuable comments and sugessions
Thanks.
You don't have that information unless people authorize you or give it to you.
Under no circumstances should you be able to get the information of the people who are buying your apps unless they opt into it and it’s made crystal clear to them that you are getting this information.
This was in the news last year because you shouldn't have that data.
This counts for iOS and Android.
options
Ask users for their personal information in the app and send it to
your servers.
Make your app need registration and login ( This is very strict on iOS, make sure you have some kind of offerable service which actually need registration)
You can link their personal information with device numbers, but these are spoofable on rooted and jailbroken devices
To get the device information on android:
You want to call android.telephony.TelephonyManager.getDeviceId().
This will return whatever string uniquely identifies the device (IMEI on GSM, MEID for CDMA).
You'll need the
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
permission to do this.
On iOS look at this answer: How to get IMEI on iPhone?
I can only speak for iOS:
You can't get email address nor phone number using iOS APIs. If you want this, you need to ask the user yourself.
Then you'd need a way to verify them:
Email by sending a link they need to click.
Phone number by sending the user an SMS (with link they need to click, or code they need to type in UI), or by calling them and asking them to dial/DTMF a code they see in the app, or on the app enter a code they hear.
If you want to keep users apart, without needing any info from them:
Have a non-consumable in-app payment item (which you could call 'account' for example). Since these items can only be bought once per user, and because Apple's in-app purchase receipt contains a unique ID, you can use this as a user identifier. (If this does not make sense, you need to read Apple's documentation about in-app purchases.)
If you are asking the user for mail/no then just store temperorly and use webservice to retrive in background
If you want the details without knowing to user Use analytics and catch maild id's of user (flurry , google analytics)
I dont think this is possible currently. The playstore console displays information like number of download, carriers, devices, etc. You may want to consider building in those features and requesting the info from the user via the valid permissions. Aside there is an unofficial playstore API that lets you pull data viz. app info, comments, etc. You can find it here
i am developing an android app. what i am doing is i have added a feature which detects the sim number. if the user changed the sim number, i get the current sim number and then i am emailing the new number to the user. so how am i detecting this is i am automatically sending a message from an app to my server and then i detect the number. so now the problem is when i put the app on the Google play store .. they are deleting my app and what reason they are giving me is "you cant send an sms from the phone without user permission which is against their policies.so i am wondering why then other apps are working and doing the same thing .. for example this app
https://play.google.com/store/apps/details?id=instigate.simCardChangeNotifier&hl=en
there are many apps on the google play store which detecting the number and i think they are pretty much using the same technique to get the current number.. so i want to know what exactly they are doing or how they are playing tricks with Google so Google cant detect them