I have been trying to find a way around validating a phone number (Android and iPhone) without using the SMS verification system. The reason is purely around cost. I would like a FREE solution.
Can I safely assume that Android OS will provide me with the user's phone number (no need for verification), making it a free solution?
How about iOS?
Thanks all for your help.
Android allows you to get the phone number. Your app will need the READ_PHONE_STATE permission from the user.
Then it's simple to get the phone number like so:
TelephonyManager tMgr =(TelephonyManager)mAppContext.getSystemService(Context.TELEPHONY_SERVICE);
mPhoneNumber = tMgr.getLine1Number();
ios does not allow you to get the user's phone number. They consider it a security risk.
one developer who tried this received a response from apple that said:
"For security reasons, iPhone OS restricts an application (including its preferences and data) to a unique location in the file system. This restriction is part of the security feature known as the application's "sandbox." The sandbox is a set of fine-grained controls limiting an application's access to files, preferences, network resources, hardware, and so on."
The device's phone number is not available within your application's container. You will need to revise your application to read only within your directory container and resubmit your binary to iTunes Connect in order for your application to be reconsidered for the App Store.
So, you will still probably need to use the SMS service. Good luck!
Related
I have a application which have a refer system
I get user imei no. to as a id of the user
but I checked my application I bypass my application using some app cloner have a funtion to set random imei no.
so how to protect my application from this things
Don't use the IMEI. First off- you can't get the IMEI on modern versions of Android. The OS itself will lie to you unless you're a preinstalled carrier app, the device owner app, or require a permission that normal apps cannot be given.
Secondly- not all devices have IMEIs. A tablet without cellular connectivity won't, for example.
Thirdly, its a massive invasion of the user's privacy (and illegal to do in some locations). Here's google's guidance on what to do for unique ids for your app https://developer.android.com/training/articles/user-data-ids Specifically note that you are NOT supposed to use any permanent hardware id as a user id.
What is the least invasive way to uniquely identify a user or a user's device in Cordova. I've not yet been looking at iOS yet, but it looks like ANDROID_ID is definitely not unique, which rules out org.apache.cordova.device.Device's uuid property.
Specifically, this is for recovering remote user account data in case of a phone- or application-data reset and I am trying to figure out how to do this with the fewest app permissions and the smallest cognitive load on the user.
Currently, I think the only routes I have are:
Ask user for email
Use third-party authentication (OpenID, Facebook, Twitter, Weibo, etc.)
Ask user for a uname/password
If your problem is only about backups, I don't know about Cordova/iOS, but Android has a standard backup service meant for this, which should work on even non-Google firmwares (assuming the ROM-maker did integrate a backup service)
Concerning having a unique ID, I don't think there is any obvious answer, it depends on your more precise need:
According to the link you gave, the non-unique ANDROID_ID bug only applies to <= 2.2, is that relevant for your use-case ? (Edit: Though ANDROID_ID will change after phone-reset, so that doesn't match your need)
Asking user for email means taking care of spams
username/password means have proper security, not to leak infos
My personal preference is third-party authentificatino, but then you'll need your users to have a google account/facebook/etc, which you might not want
Also, one problem you might want to consider, is that Android devices are getting more and more multi-user capable. Do you want to a identify a device or a user ?
If the later, one user might have multiple devices for the same application.
If you want to identify an user then you have to use any of the routes you though and any of them will require permissions, so it's up to you which one to choose.
For identifying a device, the best choice is to use the IMEI for phones and the Build.SERIAL for devices that don't have IMEI (tablets, media players), you will have to create a plugin to get those values
I need to know how to get the phone UID when read by an NFC reader. The reader has to uniquely identify my phone so that it can be used to open a door.
Do you know if this is possible? I've been looking and have not found how.
In the event that it isn't possible, what do you recommend?
The current Android does not support tag emulation, so I must assume you will be using some kind of P2P protocol when talking to your door. If the phone sees the door as a passive unit, thats the same.
A key insight in your plan is that you should encrypt the communication to your door, and that the encryption key is really what matters. Any unique id you come up with can be faked, no matter where it comes from.
I'd put the encryption key somewhere online in a properly stored file. So then you are also covered once you loose your phone or it just breaks.
My approach would be to make a Google App Engine app which lets you sign in using your Android (email) account; i.e. an app which signs the user in using the built-in Android accounts. Put the encryption key there, possibly behind yet another password.
There are different device specific numbers which you may use.
IMEI = International Mobile Equipment Identifyer, a number phones have specific for their hardware
Mobile phone number, this is depending on your mobile subsciption
There is also the ANDROID_ID, which is a unique number for a Android device. However there appears to be a glitch in V2.2
See also these articles:
How to find serial number of Android device?
Android Tablet Serial Number (not IMEI/DEVICE_ID/SERIAL)
Device SERIAL NUMBER
Following is the scenario:
I have an web application accessible via mobile browser.
I need to detect a mobile device IMEI and sim IMSI whenever an user clicks on link in my app page accessible via web browser. This is to track the same device with same SIM and provide him/her next level of access. User cannot be tracked using loginid as there is no user login kind of option in my page.
The question is how to get unique device id/sim id via mobile browser for a specific mobile device.
For now I am focusing on android based mobile devices. But the target is to make it generic to devices.
Focus of most of the ideas is, what is the kind of access a browser has over the phone and its app?
From a browser link we can open a local app in the following way:
Get Details
here productcateory will uniquely identify a local app and invoke it. But its one way communication. How to get back some response from the point of invocation and populate some hidden form field dynamically.
Via webpage scripts we can store some data locally at client machine and retrieve it later. but the scope is limited and it is no way connected to IMEI or IMSI number.
Is there a way to get a hook to mobile browser app(remember it's like any other mobile application) from the webpage and get the id details via scripts in my page?
Is there any option that html5 provides in this regard? I know there is a localstorage tag in HTML5 and one can store an id in the client location and retrieve it later. But this is limited to the same device and same mobile browser and also this is a different solution to get the imei/imsi number
Let me know if there is any other option without asking user to installing a local app or browser plugin on the device?
~inkriti
For very good reasons it is impossible for the web browser to access the IMEI or IMSI numbers of a mobile phone, without some dastardly hacking that the dev teams hadn't expected.
Also the android browser doesn't support plugins.
Your only option is to create a native app. This answer has some info that will be useful to you: Programmatically obtain the phone number of the Android phone. Its not a perfect solution however.
I would also ask why you want access to the users phone number? If its just to track session just use javascript to generate a unique id and store it in a cookie.
The original issue is probably closed, however for future reference of anyone (like myself) that comes across this question would be something like 2-factor registration with confirmation via text. The closest to getting an IMEI (impossible without native apps) would be to get the user to register and include a text confirmation - the mobile phone number in most cases will be unique, only non-unique when changing devices, and some assumptions can be made from the client-side to guess what device they have, you could even go a step further and ask them to identify the make/os of their device if you were that concerned about unique-ness. However in most use-cases a mobile number confirmation will do the job
The only reliable way is to write an app and have it send a SMS and then track the number on that end; assuming the subscriber has SMS/text service enabled. This won't work on non-phones (tablets).
It is not important, nor is it necessary and it is probably illegal to track the device (IMEI); simply track the subscriber.
When a user runs my app (iOS or Android), can I automatically get their phone number and contact details for back up?
I can't vouch for Android but for iOS the answer is a definite no. Here's what Apple will say when they reject your app:
For security reasons, iPhone OS restricts an application (including
its preferences and data) to a unique location in the file system.
This restriction is part of the security feature known as the
application's "sandbox." The sandbox is a set of fine-grained controls
limiting an application's access to files, preferences, network
resources, hardware, and so on."
The device's phone number is not available within your application's
container. You will need to revise your application to read only
within your directory container and resubmit your binary to iTunes
Connect in order for your application to be reconsidered for the App
Store.
See Programmatically get own phone number in iOS for additional notes.