Android: Are there any problems involved using IMSI - android

I know that there are problems with getting the phone number or the device ID (both can be null, device ID can be changed when the device is rooted etc.) but is there any problem with using the IMSI?

Yes- the user can switch sim cards. If you want to uniquely identify someone, use a shared secret (login/password, cookie, whatever) sent over an encrypted channel.
Oh also- wifi only tablets won't have an IMSI, they don't have a radio.

Related

Flutter get device serial number or any other unique identifier

I am making an app where the user has to register their device first and I can block user if they use device that are not registered, and therefore I need some unique ID from their device. I used device_info_plus and unique_identifier packages and got some unique information from the device. The problem is the user have no way of obtaining the information needed for registration like the one gotten from unique_identifier(ANDROID_ID).
Is there a way to obtain hardware serial number programmatically? Because that seems to be the only one usable for this case, or is there any other unique ID to identify a device that is obtainable both from user and programmatically?
You can use the package uuid.
Than call this method to obtain an unique id based on the device (it does not contain device's hardware data but:
String uuid = const Uuid().v1();

How to block multiple signup with different mobile number?

I'm developing an android app which contains registration form also,
Here I want to make user can register only once in the device. and if register again (by clearing data or reinstall) with different mobile number and email id, app should give error message.
I think you need to check IMEI number of device
IMEI number will not be changed if sim card changed.
This alone cannot be achieved on mobile device itself. You also need to maintain server which keep the identity of device and user mobile number together. device identity can be combination of IMEI and device id
When you try to register, you do all local validation on client but ultimately 1 network call is must to register, for this send device_id and newly registered number.
Next time when some user tries to register with new number from same device, u'd already have this information on server, server can respond back telling, hey looks like this mobile device is already associated with an number do you wish to use the previous number instead.
In case, user denies, he must be allowed to delete the old relation between oldnumber-current device.
There after he can proceed with the way initially he started to register.
Also this is completely business requirement, whether u want to have 1device-> #numbers or #numbers -> 1device. But i would rather suggest to keep it safe simple and secure with 1device->1number.
For Android Version 6 And Above, WLAN MAC Address has been deprecated.
For uniquely Identification of devices, You can Use Secure.ANDROID_ID.
And we don't need any additional permission to retrieve Android ID.
you can get Android Id like:
public String getDeviceUniqueID(Activity activity){
String device_unique_id = Secure.getString(activity.getContentResolver(),
Secure.ANDROID_ID);
return device_unique_id;
}
You can do this by below approach.
On sign up, get user device IMEI number as well and store on server database as well.(In this step make sure that user that IMEI number does not exist)

Is it advised to verify a phone number locally..?

I see that most of the applications (SnapChat, WhhatsApp) do the phone number verification through a OTP/verification code.
I was just wondering why not avoid this if public String getLine1Number () gives you a valid phone number and only do verfication code based auth if the above method returns null or empty string.
I don't know how reliable is this way of doing things. Any advice is much appreciated.
Thanks
Somebody could implement a fake client and can then send whatever he likes. The server should never trust information it gets sent from the client.
No it isn't advised to do so. Phone numbers are not available in SIM for all operators, for eg in INDIA Tata teleservices you can not retrieve this number. However in some countries the operators have stored phone numbers on SIM, and we can get those.
However if present it can be used to prepopulate on the Edittext and let user change it and only later SMS should be sent, if user accepts.
Most mobile operators does not store MSISDN(phone number) in the SIM.
Even if getLine1Number() returns a String, the String might not be reliable. (due to porting/MSISDN change etc.)
Programmatically obtain the phone number of the Android phone
It will be best to ask the user for the MSISDN for verification SMS.
Alternatively, you can consider to use other identifier.
Is there a unique Android device ID?
Yes, and in fact not all android devices + SIM card combinations will pour the phone number in that method. Plus, what happens if someone is using a Dual SIM card, or attempting to use their personal phone number on their second phone? You should rely on the user input when it comes to the phone number they want to be identified with.

Verify a user identity via Phone Number or other unique ID (iOS/Android)

Following scenario:
I want to create an wifi hotspot on a public place (e.g. train station). Therefore i want to write an mobile application (iOS and/or Android) which works as a portal page. As I would be providing internet access via my wifi hotspot I need to make sure that people who want to log in verify their identity properly (responsibility). First I thought i could do something like a facebook login but I guess that would not be enough as people can create fake accounts.
Then I got the idea that I could maybe access their telephone number via their smartphones.
I googled alot and came to the conclusion that it is pretty tough on both platforms.
The iOS method seems to be deprecated and apps wont make it to the app store with that version. Android can read the phone number from the sim card, but not all providers store the number on the sim card.
Question
Is there any possibility to get the phone number? Or is there any other way to uniquely identify a person in a wifi network?
Of course I dont want to do any of that without asking for users permission etc...
Greetings and thanks in advance
Peter
Choosing the MAC address is a good choice, it is not the safest, but it is the more easy to do.
The IMEI is not always provided, and the SERIAL is not uniq.
But actually, I don't know how to do this with iOS.
What is about the MAC address of the phone? This should be unique enough and you can get is easily from android and from iOS.
Android: http://developer.android.com/reference/android/net/wifi/WifiInfo.html#getMacAddress%28%29
iOS: How can I programmatically get the MAC address of an iphone
Using IMEI number
Android Does provide functions/method to access device IMEI number
First Set <uses-permission android:name="android.permission.READ_PHONE_STATE" />
in android manifest
TelephonyManager tm = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
// get IMEI
String imei = tm.getDeviceId();
Hope it helps
For NON CDMA or GSM devices like Tablet
Use
import android.provider.Settings.Secure;
private String android_id = Secure.getString(getContext().getContentResolver(),
Secure.ANDROID_ID);
This would generate a unique code for the device..how ever it would change on when user reset the device ie factory reset it .. and it works for device having os > 2.2(froyo)
This really depends on who you are trying to identify. That may seem like an odd response, but usually, we are trying to identify two, not one, sets of credential elements.
First, we want ot identify the device itself -- is this the deivce we expect to see and can we trust that this device has not been tampered with. Second, we usually want to know if the user of this device at the moment is one we expect to be using this, now validated, device. (If I take your phone, without step #2, I just became you.)
This is why we have things like 802.1x. It lets me validate the user of a network, not just the device. For your case, consider something like:
For device validation, the combination of hte MAC address and the IMEI. TUrn those into a unique hash with some data from the user. For example.
ID = SHA1(IMEI+MAC(Wifi)+user password)
Now that we're pretty sure the device and user are correct, if you need to, you can go one step further and use that hash a key to encrypt a user validation step in your app. Even if the user is correct, if they're on the wrong device, their key won't decrypt.

Unique identifier for each phone Android

I want to create an application where the application will ask user to register with user details while using the app for the first time. This information will be stored in a remote database. Next time when user opens the application I want to identify the user from my database.
Now to implement this, I will have to find a unique identifier for each phone.
Could anyone let me know how to get unique identifier for each phone.
Regards,
Shannkar
You should read this: http://android-developers.blogspot.com/2011/03/identifying-app-installations.html
The problem with using the phone number is phone numbers change, get recycled, etc. SIM cards change. Get swapped. Etc. I've had real production experience with this.
I've had good results having users enter their serial# or ESN.
Or use the IMEI. You should be able to access it via the API.
If you want it automated, and cannot access the ESN or IMEI, then generate a GUID and store it on persistent storage in the device.
You can use IMEI as the unique identification.you can get IMEI of android device in the following way
TelephonyManager tManager = (TelephonyManager)getSystemService(Context.TELEPHONY_SERVICE);
String uuid = tManager.getDeviceId();
check my similar question here to get IMEI (UUID) number
How can I get the UUID of my Android phone in an application?

Categories

Resources