2

i am writing an app that will use persons phone number (on a device) to identify the user on my network. what methods can i use to verify that the phone number retrieved from the device is real and not spoofed. i came up with two methods to do it but both of them require use of SMS:

  1. sending SMS from a device to my server
  2. sending SMS from my server to a device and intercepting it with my app

are there any other methods, i would like to omit using SMS if possible.

thanks

android-developer
  • 1,574
  • 4
  • 20
  • 27
  • There are devices with no phone numbers. Is the phone number actually required? What if the user switches sim cards or changes phone numbers? How would you send an SMS from your server to the device without the devices phone number? – Mike dg Apr 07 '11 at 13:17
  • @Mike dg - my all requires a phone device with data connection :) – android-developer Apr 07 '11 at 15:05

3 Answers3

2

i think i found the best way to go about it. basically, i will have my app send a special text message to itself, the phone number of the device. i will of course notify the user that this will occur. my application will then intercept the SMS and will know that the number is all good. this should do it...

android-developer
  • 1,574
  • 4
  • 20
  • 27
  • can you suggest how your application intercept the SMS and will know that the number is all good ? actually i did the same and now i have to mannualy get verification msg by user but what i want that it should verify or check automatically... – Shani Goriwal Mar 25 '14 at 13:21
0

ok new answer lol

your problem is then exactly the same as encrypted transfers or website register issues. you could read up on how encryption programs transfert public and private keys to each other, I can't remember the details but if your app and your server both have a key you can use it to encrypt something like phone number+ConstantString and the phone number and then decrypt it and see if the numbers match.

jason

Jason Rogers
  • 19,194
  • 27
  • 79
  • 112
  • thanks but retrieving the phone number off the device was not the problem/question :) the question is how to verify that is real/valid/in use. phone numbers can be spoofed, fabricated on devices/emulators. i want to prevent the user A creating an account in my DB with somebody elses phone number. – android-developer Apr 07 '11 at 15:04
  • ha ok diregard my answer then. but read the modification it might help – Jason Rogers Apr 07 '11 at 16:42
  • still no go :( its not an encryption problem... seems like you dont understand my real question/concern. the phone A has a number, it could be US based, could be international, i dont care, my application can read it but how does it know its real, and by real i mean not spoofed. numbers can be assigned to emulators, phones, where they don't really work as far as dialing the phone the phone itself and applications installed can read it off the phone. – android-developer Apr 07 '11 at 18:19
0

but these functionality is dependent to sim provider vendor... so, it's not the efficient way.. too identify... the particular mobile.. use of IMEI no. is applicable to all android devices.. if it seems significant u can use it...

kamal_tech_view
  • 4,235
  • 4
  • 28
  • 49
  • IMEI is not applicable to all android devices. The XOOM wifi for one. Galaxy Tab wifi. The random Android "netbooks" – Mike dg Apr 07 '11 at 13:38