I have an iOS app where I want users to rate specific things with a rating from 1 to 5. It is meant to work without login.
The thing is that I want to identify each user uniquely so that nobody can abuse the system and rate for the same thing twice and/or just spam the server with fake ratings.
So I need an identifier which is:
- Unique (A user should not be rejected to vote because the system thinks he already voted)
- Recoverable after reinstall (To prevent "Reinstall and revote")
- Validatable (To prevent some mass requests to the server with some fake identifiers and just spam ratings)
I know that it is impossible to make this safe, and if some smart guy/girl really wants to, he can break the system. But I want a system that is as safe as possible for identifying the user. Also, it can break the whole system when someone starts to spam ratings and I can't control it.
Also, I've thought about only asking the user for the e-mail and generating a password from the device. So the user only has to input his e-mail address and then the device is connected to that e-mail address. Maybe using the MAC address? But then again, this one is changeable, too.
I know that the following attributes will not work:
- IP address (It is easy to change and changes a lot. Also, it is not unique)
- UUID (It is not validatable. Someone can just generate some random X-length numbers)
- https://developer.apple.com/library/ios/documentation/UIKit/Reference/UIDevice_Class/index.html#//apple_ref/occ/instp/UIDevice/identifierForVendor (it is not fulfilling 2. and 3.)
Identifying anonymous users did not really help me.
So what can I try to use? A combination of all of these? Is there some guide on how to calculate this kind of authentication token?
Answers like "Nobody will try to hack your app you retard" or "Your app sucks anyway" are not welcome, since this is also a scientific question.