In my app developed by Phonegap, there is requirement below.
1. Only limited devices are able to use our app. Every device needs to get register key from the back-end before using app.
2. When a user want to log in with the specific account in another device and he has gotten a new register key, the key of the previous device will be disabled.
Any help is appreciated.
Related
My question is the same as this one here but with little bit of difference, the difference is that i'am using the nodeJs server as a backend for my android app, also i am not using sockets, anyone got an idea about this ?
i want to restrict multiple connection as the same time from a user.
You must be maintaining sessionId/token for all the logged-in users, right?
When any user tries to log in from the device, you simply invalidate (remove) all of their previous sessionIds.
As simple as that.
Example:
User A installs App on Google Pixel, Logs In, A session/token abc123 is created for him which will allow him to access all the other APIs.
User A keeps the app as it is & installs app on Samsung Device, Logs In with the same credentials, at this time, server will check that user already has some token/session, delete and clear all those session/token, and give new token in response.
So now, User A will be able to use App in Samsung device, but when he will try to open app in Google Pixel, APIs will fail and he won't be able to use app.
Additionally, you can log out user manually if the session/token is invalid for 3 api calls.
I am new to android development so I need a little help.
In my app users can vote for posts but I don't want to make them register because app is very simple and that would be overkill. I want some another way to restrict users so they vote just once. If the method is not very accurate I don't care. In web development it's usually done using IP, is it the same for mobile apps?
Appreciate your help very much.
Every mobile device has a unique id which is called device id. you can use device id to restrict users or another option is to get the device MAC address of the device. MAC address is also unique so you can easily use it restrict users.
You can use an IP but for mobile users that won't work very well because their IP's are always changing. An easy way to do it would be to generate a guid in the app, and save it somewhere permanent (like the app settings). Then whenever you need to id the user just submit that guid to your webservice or whatever you are using. This is an anonymous id that you can then check against etc..
I am making a webapp which will coordinate with an iOS and Android application. There will be a two types of accounts. One will be primarily on the website and the other will be primarily on the Android or iOS app. This question may be too broad, but I'm looking for an authentication pattern which will work for this setup and make sure that the right web account is pairing with the right mobile account. Here's what I've got so far and am hoping you can provide some feedback...
When a mobile app is installed, it will reach out to the server with information such as name and phone number to which a UUID will be returned.
If the web account wants to link with a mobile account, the web account must enter the phone number of the mobile app they want to link to. The server then sends a message to the mobile device so that user can confirm the pairing.
Are there drawbacks to basing the account id on a phone number? Is there a better way to do such two factor authentication? Sorry if this is too vague or undirected and thanks for any help!
Phone number is a bad UUID because there is no way to get the phone number. Other than asking the user. Not reliably. Also, some devices allow dual sims (home and work) and thus would have multiple phone numbers.
A better way is to use the android device id. But even that isn't that great- I could write an app that calls your service with whatever id I want. There's a reason RSA keys use a cryptographic token that changes every minute- it requires you not only to know the id, but to know what the id is now. Otherwise you'd just need to have found out the secret id once and you're in for life.
I am currently building a system for mobile phones, the system requires some sort of a login sequence and at the moment I am just using an MD5 generated API which is connected to the user in the database but this is using sessions and so on and has so far proven to not be as good as I had hoped, so now I am trying to build a new login where the user enters the API once and the system detects some sort of ID from the phone, like the SID or MIN or something like that, I have no idea this is possible or not. So to recap
Is what I have described possible?
What is the most reliable ID that I could fetch from the mobile device?
How would I go about fetching this ID?
Following is the scenario:
I have an web application accessible via mobile browser.
I need to detect a mobile device IMEI and sim IMSI whenever an user clicks on link in my app page accessible via web browser. This is to track the same device with same SIM and provide him/her next level of access. User cannot be tracked using loginid as there is no user login kind of option in my page.
The question is how to get unique device id/sim id via mobile browser for a specific mobile device.
For now I am focusing on android based mobile devices. But the target is to make it generic to devices.
Focus of most of the ideas is, what is the kind of access a browser has over the phone and its app?
From a browser link we can open a local app in the following way:
Get Details
here productcateory will uniquely identify a local app and invoke it. But its one way communication. How to get back some response from the point of invocation and populate some hidden form field dynamically.
Via webpage scripts we can store some data locally at client machine and retrieve it later. but the scope is limited and it is no way connected to IMEI or IMSI number.
Is there a way to get a hook to mobile browser app(remember it's like any other mobile application) from the webpage and get the id details via scripts in my page?
Is there any option that html5 provides in this regard? I know there is a localstorage tag in HTML5 and one can store an id in the client location and retrieve it later. But this is limited to the same device and same mobile browser and also this is a different solution to get the imei/imsi number
Let me know if there is any other option without asking user to installing a local app or browser plugin on the device?
~inkriti
For very good reasons it is impossible for the web browser to access the IMEI or IMSI numbers of a mobile phone, without some dastardly hacking that the dev teams hadn't expected.
Also the android browser doesn't support plugins.
Your only option is to create a native app. This answer has some info that will be useful to you: Programmatically obtain the phone number of the Android phone. Its not a perfect solution however.
I would also ask why you want access to the users phone number? If its just to track session just use javascript to generate a unique id and store it in a cookie.
The original issue is probably closed, however for future reference of anyone (like myself) that comes across this question would be something like 2-factor registration with confirmation via text. The closest to getting an IMEI (impossible without native apps) would be to get the user to register and include a text confirmation - the mobile phone number in most cases will be unique, only non-unique when changing devices, and some assumptions can be made from the client-side to guess what device they have, you could even go a step further and ask them to identify the make/os of their device if you were that concerned about unique-ness. However in most use-cases a mobile number confirmation will do the job
The only reliable way is to write an app and have it send a SMS and then track the number on that end; assuming the subscriber has SMS/text service enabled. This won't work on non-phones (tablets).
It is not important, nor is it necessary and it is probably illegal to track the device (IMEI); simply track the subscriber.