1

I have created an app for surveys where only one user can register per Android phone. I am using "Secure.ANDROID_ID" to identify unique devices on the server side.

Now the problem is that a lot of scammers are creating many fake accounts through fake mobile numbers and clone applications where the device ID changes, and earning a lot of rewards by completing surveys. I have handled some clone maker apps which can clone an app by changing the package name, but there are still some apps like "Multi parallel, Dual space app" which clone the application and do not change the package name or signature.

What I want is to somehow detect if the application is cloned and not let the user use that app. Please guide me if there is any way to detect the clones.

Or is there any other way to identify unique devices on the server side instead of using ANDROID_ID?

Salahuddin
  • Maybe the serial number of the device? Not sure whether we can get this or not – NehaK Dec 13 '20 at 17:03
  • No, we cannot get the serial number. I tried but got this exception: "The user 10011 does not meet the requirements to access device identifiers". – Salahuddin Dec 14 '20 at 05:13

1 Answer

0

ANDROID_ID remains the same only until you reset the phone to factory settings, so it is not usable as UNIQUE_ID because it doesn't survive hard resets. You have to implement some accounting based on email+confirmation_address of the ones you can find in the Android --> Accounts page; in this way the user should add a valid email account (for which he has the right credentials). Additionally, you can register the user by sending device info such as Manufacturer and/or ModelName to be sure an email account is not shared across many devices.

emandt
  • Thanks, I'll check this and let you know if it works for my case. – Salahuddin Dec 14 '20 at 05:17
  • This will not work for me because a user can create many different email accounts. What I want is to restrict the user to creating only one account on one device. ANDROID_ID somehow works, but the problem is the clone apps which change ANDROID_ID. I am not worried about hard resets but about clone apps. – Salahuddin Dec 14 '20 at 08:25
  • So you need something anti-tampering to detect when the App is decompiled and just changed in package name – emandt Dec 14 '20 at 17:30
  • I am checking the package name and signature, which is working for some cloning apps, but there are other apps like "Parallel Space" which do not change the package name or signature. They clone the application in a virtual space and change nothing. I am also able to detect emulators, but that code does not work for a virtual space on a real device. – Salahuddin Dec 15 '20 at 05:50
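
An added example, not code from anyone in this thread: a heuristic for the virtual-space case raised in the last comment, where the package name and signature stay the same. It relies on the assumption that a container app runs the guest app out of the container's own private storage, so the guest's files directory is no longer where Android would place it for that package. The package names and sample paths are constructed placeholders.

```java
import java.util.regex.Pattern;

public final class CloneCheck {

    // Locations where Android itself places an app's private files:
    //   /data/data/<pkg>/files
    //   /data/user/<userId>/<pkg>/files
    //   /mnt/expand/<volumeUuid>/user/<userId>/<pkg>/files  (adopted storage)
    private static Pattern canonical(String pkg) {
        return Pattern.compile(
            "^(/data/data/|/data/user/\\d+/|/mnt/expand/[^/]+/user/\\d+/)"
            + Pattern.quote(pkg) + "/files/?$");
    }

    /** Returns true when filesDirPath is not a location the OS would assign to pkg. */
    public static boolean looksRelocated(String filesDirPath, String pkg) {
        if (filesDirPath == null || pkg == null) {
            return true; // nothing to verify against: treat as suspicious
        }
        return !canonical(pkg).matcher(filesDirPath).matches();
    }

    public static void main(String[] args) {
        String pkg = "com.example.survey"; // hypothetical package name
        // Constructed sample paths; in the app, pass
        // context.getFilesDir().getAbsolutePath() and the app's own package name.
        String[] samples = {
            "/data/user/0/com.example.survey/files",                     // normal install
            "/data/data/com.example.survey/files",                       // legacy alias
            "/data/user/10/com.example.survey/files",                    // secondary user / work profile
            "/data/user/0/com.example.host/virtual/0/com.example.survey/files", // nested in a host app
            "/data/user/0/com.example.survey.clone/files"                // repackaged under a new name
        };
        for (String path : samples) {
            System.out.println((looksRelocated(path, pkg) ? "SUSPECT " : "ok      ") + path);
        }
    }
}
```

A client-side check like this can be patched out, so report its result to the server as one signal alongside ANDROID_ID rather than relying on it alone. It does not flag OS-level second users or work profiles, which get an ordinary `/data/user/<userId>/` path.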