[MOBI-826] Unique identifier for different mobile devices - ICEsoft JIRA Issue Tracker

Details

Type: New Feature
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.3 Final
Fix Version/s: 1.4 Beta
Component/s: Containers
Labels:
None
Environment:
ICEmobile

Description

It is useful to have a unique identifier for a given mobile device. This can be used for security purposes, such as to alert a user if another device has attempted to sign on with the same credentials. It can also be used for persistent user data. For instance, even if the user clears their cookies or reinstalls the application, the unique identifier could be used to associate preferences or cloud data with that device.

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Ted Goddard added a comment - 09/Jul/13 10:49 AM

http://developer.apple.com/library/ios/#documentation/uikit/reference/UIDevice_Class/Reference/UIDevice.html identifierForVendor

Show

Ted Goddard added a comment - 09/Jul/13 10:49 AM http://developer.apple.com/library/ios/#documentation/uikit/reference/UIDevice_Class/Reference/UIDevice.html identifierForVendor

Hide

Permalink

Ted Goddard added a comment - 09/Jul/13 10:53 AM

This is currently a container feature, but should be included in ICEmobile-SX. Since it can be implemented using offline communication and shared between multiple web applications, there are potential privacy implications.

An equivalent android mechanism needs to be investigated.

Show

Ted Goddard added a comment - 09/Jul/13 10:53 AM This is currently a container feature, but should be included in ICEmobile-SX. Since it can be implemented using offline communication and shared between multiple web applications, there are potential privacy implications. An equivalent android mechanism needs to be investigated.

Hide

Permalink

Ted Goddard added a comment - 09/Jul/13 10:56 AM

The iOS container now sets a cookie (with a unique device ID) as follows:

com.icesoft.device-id=CAFEBABE-2222-3333-4444-DEADBEEFCAFE

This value should be considered to be an opaque string to allow for different device formatting.

Show

Ted Goddard added a comment - 09/Jul/13 10:56 AM The iOS container now sets a cookie (with a unique device ID) as follows: com.icesoft.device-id=CAFEBABE-2222-3333-4444-DEADBEEFCAFE This value should be considered to be an opaque string to allow for different device formatting.

Hide

Permalink

Ted Goddard added a comment - 09/Jul/13 11:11 AM

Sample android code:

http://stackoverflow.com/questions/2785485/is-there-a-unique-android-device-id

final TelephonyManager tm = (TelephonyManager) getBaseContext().getSystemService(Context.TELEPHONY_SERVICE);

final String tmDevice, tmSerial, androidId;
tmDevice = "" + tm.getDeviceId();
tmSerial = "" + tm.getSimSerialNumber();
androidId = "" + android.provider.Settings.Secure.getString(getContentResolver(), android.provider.Settings.Secure.ANDROID_ID);

UUID deviceUuid = new UUID(androidId.hashCode(), ((long)tmDevice.hashCode() << 32) | tmSerial.hashCode());
String deviceId = deviceUuid.toString();

Show

Ted Goddard added a comment - 09/Jul/13 11:11 AM Sample android code: http://stackoverflow.com/questions/2785485/is-there-a-unique-android-device-id final TelephonyManager tm = (TelephonyManager) getBaseContext().getSystemService(Context.TELEPHONY_SERVICE); final String tmDevice, tmSerial, androidId; tmDevice = "" + tm.getDeviceId(); tmSerial = "" + tm.getSimSerialNumber(); androidId = "" + android.provider.Settings.Secure.getString(getContentResolver(), android.provider.Settings.Secure.ANDROID_ID); UUID deviceUuid = new UUID(androidId.hashCode(), ((long)tmDevice.hashCode() << 32) | tmSerial.hashCode()); String deviceId = deviceUuid.toString();

Hide

Permalink

Ted Goddard added a comment - 09/Jul/13 11:17 AM

If added to ICEmobile-SX with offline capability, it seems possible for the current Safari application to spoof the current domain and allow the unique ID to be used to identify the user across many different web sites. However, if the domain is spoofed, the ICEmobile-SX return URL will be different, resulting in the ID being transferred to a different web page. (In other words, the privacy implications may be accurately exposed to the user.)

Show

Ted Goddard added a comment - 09/Jul/13 11:17 AM If added to ICEmobile-SX with offline capability, it seems possible for the current Safari application to spoof the current domain and allow the unique ID to be used to identify the user across many different web sites. However, if the domain is spoofed, the ICEmobile-SX return URL will be different, resulting in the ID being transferred to a different web page. (In other words, the privacy implications may be accurately exposed to the user.)

Hide

Permalink

Ted Goddard added a comment - 17/Jul/13 5:17 PM

Suggestion from Nils: make the ICEmobile-SX version "opt-in" so that the user must manually set the preference to allow this ID to be propagated to the application. This should resolve any privacy concerns since the user must deliberately enable the feature for a particular domain.

This will require implementation of the whitelist feature to complete.

Show

Ted Goddard added a comment - 17/Jul/13 5:17 PM Suggestion from Nils: make the ICEmobile-SX version "opt-in" so that the user must manually set the preference to allow this ID to be propagated to the application. This should resolve any privacy concerns since the user must deliberately enable the feature for a particular domain. This will require implementation of the whitelist feature to complete.

People

Assignee:

Steve Maryka

Reporter:

Ted Goddard

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

09/Jul/13 10:20 AM

Updated:

17/Jul/13 5:17 PM