I'm thinking to have a third party to promo my app, and I'll pay them per install. In order to avoid fraud, I need to have a unique ID stored in my database. My problem here is that I can't find a reliable unique ID.
IMEI - only works on phone
Android ID - can be changed even not a rooted device
WLAN MAC - not all devices have wifi, or the device has wifi turned off.
Bluetooth MAC - same as above
I know device with root access can easily change the IDs, but let's not worry about it now. I assume no one has a rooted device. How do I get a unique ID???
Please help. Thanks
Try looking into OpenUDID for Android, there doesn't seem to be a better way to do what you want for the time being:
https://github.com/vieux/OpenUDID
Related
We've developed an app that needs to identify every device uniquely. We first thought of using IMEI and we're obtaining it using the TelefonyManager's getDeviceId() method.
But one user reported that the app doesn't work and it seems we weren't able to get the IMEI. I read here that some Nexus 7 don't have an IMEI, that they use another way for serial number: CSSN. How can I obtain it? Or, even better, is there a preferable way to uniquely identify every android device?
PS: We do have one Nexus 7 here for testing and it works perfectly, that's why before I said some Nexus 7.
It's recommended to identify every installation instead of every device. There are indeed several ways of identifying device, for example, Mac address, IMEI, Serial Number, ANDROID_ID , however, due to different OS Versions, devices an vender implementations, none of these are truly reliable. Check this out.
Try the below code to get the device serial number :
Log.i("TAG","android.os.Build.SERIAL: " + Build.SERIAL);
You may go through the Android Documentation.
Some background information:
I have a certain yet to be released tablet and sadly the people who designed it seemed to have removed TelephonyProvider.apk
Here's how I've reached that conclusion :
When I go to More... in WIRELESS & NETWORKS there are no options to change APN, VPN or access Mobile networks. (Please note that the table has no facility to lodge a SIM card) However, on my Karbonn ST10 (Android 4.1.1) all these options are found. The certain tablet is currently on Android 4.2.2
When I used an app called APN shortcuts I was able to launch the APN configuration screen, however every time I changed the MCC or MNC number, the APN could not be saved and was deleted.
When I tried to read the contents of content://telephony/carriers I received a NullPointerException.
Questions:
What is the purpose of TelephonyProvider.apk?
Will it be possible to install it without root access? If so, how? (I'm pretty sure this can't be done, but if someone else knows a magical method please enlighten the world)
Can 3G data connections via dongles be established on this device which seems to be missing TelephonyProvider? Or will the ROM have to be edited and TelephonyProvider be installed.
I'm pretty sure this is a programming question, but if it belongs on Android Enthusiasts, please move it.
It's just an apk... you should be able to sideload it with adb without root with adb sideload <your apk>. It would just be removable since its not it /system/app, ie built in with the ROM. If the makers of your device disabled certain features on the device, which would explain possibly why those menus do not display in the Settings app, then TelephonyProvider may not be all that you need to get the connections you want to establish working.
Hope this helps.
Update:
These features are probably disabled on the device you are using. based on what you described.
From the PackageManager documentation.
FEATURE_TELEPHONY Feature for getSystemAvailableFeatures() and hasSystemFeature(String): The device has a telephony radio with data communication support.
FEATURE_WIFI Feature for getSystemAvailableFeatures() and hasSystemFeature(String): The device supports WiFi (802.11) networking.
I have been reading a number of posts here on stackoverflow about android not having unique identifiers. But could I not use the MAC address of the device as a unique id? If not, why not? If yes, does anyone know how to get it programmatically (i.e. a piece of code [please])?
FYI:
My app requires network so devices without networks won't be able to install it.
But could I not use the MAC address of the device as a unique id?
Not 100% reliably.
If not, why not?
Here is what Google has to say on the subject:
It may be possible to retrieve a Mac address from a device’s WiFi or Bluetooth hardware. We do not recommend using this as a unique identifier. To start with, not all devices have WiFi. Also, if the WiFi is not turned on, the hardware may not report the Mac address.
Also, you are assuming that all devices will accurately report the MAC address by one means or another. I would assume that custom ROMs, and perhaps rooted devices, might be able to spoof the MAC address. This may or may not be a concern for you -- I'm just pointing it out.
My app requires network
At best, it can require WiFi. It cannot require that WiFi is turned on.
does anyone know how to get it programmatically (i.e. a piece of code [please])?
See this answer.
MAC is unique, but can be spoofed by the user to any value, which would make it very insecure. If that's not a problem, you're probably good to go !
Are there known bugs or issues with getConnectionInfo().getMacAddress() when it's used as a unique device identifier?
One of the alternatives, the Android ID, seems to be not available (or not really unique) on some tablets. FAIL...
The only problem that I know of is that it is only available if Wi-Fi is enabled.
I think this is a big problem because some smartphone users probably never turn Wi-Fi on. Your app can turn Wi-Fi on itself, but this means your app needs an additional permission "android.permission.CHANGE_WIFI_STATE".
Your general issue - how to uniquely identify the device - is widely discussed, e.g.
Is there a unique Android device ID?
http://android-developers.blogspot.ca/2011/03/identifying-app-installations.html
In this video from last year Google I/O, Reto Meier talked about exactly that problem off identifieng a device correctly.
For the solution you will have to watch the video, because I don't remember it anymore. But I do remember his concerns about the "MacAddress"-Solution. The problem about this solution his that it addresses a particular device and not a particular "installation", think of the problem when a user, who installed your app, sells his phone to another person which will also install your app. With the MacAddress you have no chance to distinct between those two ...
I'm currently doing some research about my project, a smartphone tracking native application, and I have four questions. Links to any material I can read up will be greatly appreciated, and the most useful/comprehensive response will be accepted.
The primary target smartphones are the Android, Blackberry and iPhone models.
For starters I found out here Uniquely Identify an Android Handset that IMEI can be used to uniquely identify Androids but I think I once read that it can be faked. I don't know about the iPhone and Blackberry.
What's the most reliable way to uniquely identify the smartphone device, if any? Can MAC addresses work or is it possible to spoof that? Can IMEIs truly be faked?
Is it possible to "lock" the device with a custom error message remotely via its unique identification, once the device is reported as stolen? This lock state will remain on the phone even when disconnected from the network, until it is reconnected to the network and unlocked remotely once again.
Assuming such a remote phone lock is possible, can such be reversible by the thief? The native app will run in stealth mode so that it cannot be uninstalled.
Can a cross-platform solution work in this case, or will I have to develop various native apps per platform?
EDIT:
Some more context. As Till rightly said, Apple's "Find my Phone" does this exact thing already (I am just finding out about it, but it looks like a perfect fit already). The user who is choosing to install the app is informed that the phone will be uniquely identified if they do install the app. As for locking the device, "Find my Phone" does it (I gather). Now I need to know how that might be possible on the two other platforms.
With regards the iPhone side of things:
You aren't allowed to uniquely identify the iPhone like that. Apple have just forbidden it unless you get the user's permission first. So if they refuse you permission, your app won't function and you'll need to find another way.
No, you can't do that.
See 2. Also you can't run an app in "stealth mode"
See 2.
Only the network operators can talk to the handsets on an IMEI level. The IMEI number IS the MAC address of GSM networks. However, you can't access that unless you have control of the network. Sure you can get the IMEI from the user, but you can't use that to locate the phone. On CDMA networks this address is called the MEID number.
But there are other ways:
You can get location data on either platform with the users' permission. This is the way you should think about developing your application. You'll want to assign a UUID to a user once they download and install your application on their phones. You can then have the phones report to a server every so often (heartbeat). As long as the phone is powered on and connected to a network, the user would be able to locate the phone.
You can also get the phones IP address on the network, among other things -- such as contacts, messages, files, cache data etc..
On Android it's pretty easy to implement this kind of functionality as a service that could would only be visible on the packages page. Further, if you have root access, you can write whatever kind of rootkit you want such that it hides itself from the system. Same with a jailbroken iPhone. I am not as knowledgeabe about iPhone services though.
Either way, the only cross platform compatibility you'd be able to exploit would be perhaps the way data is sent and received from the server. You could use some standard such as JSON to send and receive data (and hence the same server). Although, both platforms have JSON and Apache libraries, the other parts of the apps or services themselves will need to be completely and dependently developed for each platform (UI, Internal Content Handeling, Syscalls, Permissions, etc).
You can remotely lock, wipe, factory reset, etc. Android devices using the security and device administration Android system interface. This still requires the user to grant permission and it asks them an a more.. obnoxious.. way so that they know what exactly they are agreeing to when they give an app device administration permission. If you ever use an exchange server for business or school, it's likely you'll run into this.
I am unsure about remote iPhone device administration on a jailed system.
If you really want something that can't be removed lest you do a factory reset, you'll need to know a thing or two about Unix programming, and a lot about the operating systems that their respective SDK's don't (and probably shouldn't) tell you. You'll need to be comfortable poking around sources and even reverse engineering if called for. If you're still interested, you'll want to hang around the circles that work on custom phone firmware and software for the iPhone, and Android (and Blackberry). I would start with Android. It's probably the easiest since the sources for the AOSP are easily and legally available.