-3

I am building an Android application that gives each user free points every month. We are identifying the user using two parameters (user phone number and device IMEI).

The problem now is that some users are able to root their devices and use z3x box to change the device IMEI to be able to get more free points. We need to solve this problem, but there is no unique identifier for Android devices. Can anyone please advise?

Amira Elsayed Ismail
Does the user have a login? If so, that is their unique KEY, their ID. That ID is stored on the server side; they have no way to access it... And by ID, I don't mean their username or email. When you insert items into a database, it will have an ID associated with it. If you do server code, you can take it, convert it into a hash (base64 maybe), and save the hashed string. When the user tries to access it, you get their hashed ID, unhash it, and verify from there. – letsCode Feb 13 '18 at 16:04

2 Answers

0

I think that you force the user to have one account on one device only. How? At every connection with the server, change the token, and the last token will be changed.

0

One way of solving this is by creating a unique identifier for each user.

Your app registration must have at least two steps:

  1. Validate device phone number by an SMS message.

    1.1. User enters a phone number.

    1.1.1 A web request is sent to your API with the user's phone number and IMEI, creating a unique numeric code.

    1.1.2 The API sends an SMS message to that number with the unique numeric code.

  2. User sends another request with the given code.

    2.1. User enters the code from the SMS, sends another web request to the API and ends the verification procedure.

    2.2. Device stores the unique identifier given in the response, and uses it with every request or login.

Create a GUID in the DB that represents these two parameters.

Alon Kogan
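The registration flow from the answer above, sketched server-side in Python as an added example (not code from either answer or from the asker's project). `Registrar`, `send_sms`, the 6-digit code, the 5-minute expiry, the attempt limit and keying the account on the verified phone number are assumptions of this sketch.

```python
import hashlib, hmac, secrets, time, uuid

CODE_TTL = 300     # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 5   # guesses allowed per code (assumed value)

class Registrar:
    """In-memory stand-in for the API and its database (hypothetical names)."""

    def __init__(self, send_sms, now=time.time):
        self.send_sms, self.now = send_sms, now
        self.pending = {}     # phone -> [code_hash, imei, expires_at, attempts_left]
        self.accounts = {}    # phone -> {"guid": ..., "imei": ...}
        self.claimed = set()  # (guid, "YYYY-MM") pairs already paid out

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def request_code(self, phone, imei):
        # Steps 1.1.1 and 1.1.2: create the numeric code and text it to the number.
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[phone] = [self._digest(code), imei, self.now() + CODE_TTL, MAX_ATTEMPTS]
        self.send_sms(phone, code)

    def verify(self, phone, code):
        # Step 2.1: check the code. Step 2.2: return the identifier the device stores.
        entry = self.pending.get(phone)
        if entry is None or self.now() > entry[2] or entry[3] <= 0:
            self.pending.pop(phone, None)
            return None
        entry[3] -= 1
        if not hmac.compare_digest(entry[0], self._digest(code)):
            return None
        del self.pending[phone]
        # Assumption: one row per verified number, so a changed IMEI updates
        # the existing row instead of creating a second account.
        account = self.accounts.setdefault(phone, {"guid": str(uuid.uuid4())})
        account["imei"] = entry[1]
        return account["guid"]

    def claim_points(self, guid, month):
        # Pay out once per account per month, whatever IMEI the device reports.
        known = any(a["guid"] == guid for a in self.accounts.values())
        if not known or (guid, month) in self.claimed:
            return False
        self.claimed.add((guid, month))
        return True
```

In a real deployment `send_sms` would call the SMS gateway, and the three dictionaries would be database tables with a unique constraint on the phone number.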