ICEmobile
  1. ICEmobile
  2. MOBI-826

Unique identifier for different mobile devices

    Details

    • Type: New Feature New Feature
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 1.3 Final
    • Fix Version/s: 1.4 Beta
    • Component/s: Containers
    • Labels:
      None
    • Environment:
      ICEmobile

      Description

      It is useful to have a unique identifier for a given mobile device. This can be used for security purposes, such as to alert a user if another device has attempted to sign on with the same credentials. It can also be used for persistent user data. For instance, even if the user clears their cookies or reinstalls the application, the unique identifier could be used to associate preferences or cloud data with that device.

        Activity

        Show
        Ted Goddard added a comment - http://developer.apple.com/library/ios/#documentation/uikit/reference/UIDevice_Class/Reference/UIDevice.html identifierForVendor
        Hide
        Ted Goddard added a comment -

        This is currently a container feature, but should be included in ICEmobile-SX. Since it can be implemented using offline communication and shared between multiple web applications, there are potential privacy implications.

        An equivalent android mechanism needs to be investigated.

        Show
        Ted Goddard added a comment - This is currently a container feature, but should be included in ICEmobile-SX. Since it can be implemented using offline communication and shared between multiple web applications, there are potential privacy implications. An equivalent android mechanism needs to be investigated.
        Hide
        Ted Goddard added a comment -

        The iOS container now sets a cookie (with a unique device ID) as follows:

        com.icesoft.device-id=CAFEBABE-2222-3333-4444-DEADBEEFCAFE

        This value should be considered to be an opaque string to allow for different device formatting.

        Show
        Ted Goddard added a comment - The iOS container now sets a cookie (with a unique device ID) as follows: com.icesoft.device-id=CAFEBABE-2222-3333-4444-DEADBEEFCAFE This value should be considered to be an opaque string to allow for different device formatting.
        Hide
        Ted Goddard added a comment -

        Sample android code:

        http://stackoverflow.com/questions/2785485/is-there-a-unique-android-device-id

        final TelephonyManager tm = (TelephonyManager) getBaseContext().getSystemService(Context.TELEPHONY_SERVICE);

        final String tmDevice, tmSerial, androidId;
        tmDevice = "" + tm.getDeviceId();
        tmSerial = "" + tm.getSimSerialNumber();
        androidId = "" + android.provider.Settings.Secure.getString(getContentResolver(), android.provider.Settings.Secure.ANDROID_ID);

        UUID deviceUuid = new UUID(androidId.hashCode(), ((long)tmDevice.hashCode() << 32) | tmSerial.hashCode());
        String deviceId = deviceUuid.toString();

        Show
        Ted Goddard added a comment - Sample android code: http://stackoverflow.com/questions/2785485/is-there-a-unique-android-device-id final TelephonyManager tm = (TelephonyManager) getBaseContext().getSystemService(Context.TELEPHONY_SERVICE); final String tmDevice, tmSerial, androidId; tmDevice = "" + tm.getDeviceId(); tmSerial = "" + tm.getSimSerialNumber(); androidId = "" + android.provider.Settings.Secure.getString(getContentResolver(), android.provider.Settings.Secure.ANDROID_ID); UUID deviceUuid = new UUID(androidId.hashCode(), ((long)tmDevice.hashCode() << 32) | tmSerial.hashCode()); String deviceId = deviceUuid.toString();
        Hide
        Ted Goddard added a comment -

        If added to ICEmobile-SX with offline capability, it seems possible for the current Safari application to spoof the current domain and allow the unique ID to be used to identify the user across many different web sites. However, if the domain is spoofed, the ICEmobile-SX return URL will be different, resulting in the ID being transferred to a different web page. (In other words, the privacy implications may be accurately exposed to the user.)

        Show
        Ted Goddard added a comment - If added to ICEmobile-SX with offline capability, it seems possible for the current Safari application to spoof the current domain and allow the unique ID to be used to identify the user across many different web sites. However, if the domain is spoofed, the ICEmobile-SX return URL will be different, resulting in the ID being transferred to a different web page. (In other words, the privacy implications may be accurately exposed to the user.)
        Hide
        Ted Goddard added a comment -

        Suggestion from Nils: make the ICEmobile-SX version "opt-in" so that the user must manually set the preference to allow this ID to be propagated to the application. This should resolve any privacy concerns since the user must deliberately enable the feature for a particular domain.

        This will require implementation of the whitelist feature to complete.

        Show
        Ted Goddard added a comment - Suggestion from Nils: make the ICEmobile-SX version "opt-in" so that the user must manually set the preference to allow this ID to be propagated to the application. This should resolve any privacy concerns since the user must deliberately enable the feature for a particular domain. This will require implementation of the whitelist feature to complete.

          People

          • Assignee:
            Steve Maryka
            Reporter:
            Ted Goddard
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated: