ICEmobile
  1. ICEmobile
  2. MOBI-826

Unique identifier for different mobile devices

          Details

          • Type: New Feature New Feature
          • Status: Open
          • Priority: Major Major
          • Resolution: Unresolved
          • Affects Version/s: 1.3 Final
          • Fix Version/s: 1.4 Beta
          • Component/s: Containers
          • Labels:
            None
          • Environment:
            ICEmobile

            Description

            It is useful to have a unique identifier for a given mobile device. This can be used for security purposes, such as to alert a user if another device has attempted to sign on with the same credentials. It can also be used for persistent user data. For instance, even if the user clears their cookies or reinstalls the application, the unique identifier could be used to associate preferences or cloud data with that device.

              Activity

              Ascending order - Click to sort in descending order
              Ted Goddard created issue -
              Hide
              Permalink
              Ted Goddard added a comment -

              http://developer.apple.com/library/ios/#documentation/uikit/reference/UIDevice_Class/Reference/UIDevice.html identifierForVendor

              Show
              Ted Goddard added a comment - http://developer.apple.com/library/ios/#documentation/uikit/reference/UIDevice_Class/Reference/UIDevice.html identifierForVendor
              Ted Goddard made changes -
              Field Original Value New Value
              Fix Version/s 1.4 Beta [ 10874 ]
              Hide
              Permalink
              Ted Goddard added a comment -

              This is currently a container feature, but should be included in ICEmobile-SX. Since it can be implemented using offline communication and shared between multiple web applications, there are potential privacy implications.

              An equivalent android mechanism needs to be investigated.

              Show
              Ted Goddard added a comment - This is currently a container feature, but should be included in ICEmobile-SX. Since it can be implemented using offline communication and shared between multiple web applications, there are potential privacy implications. An equivalent android mechanism needs to be investigated.
              Hide
              Permalink
              Ted Goddard added a comment -

              The iOS container now sets a cookie (with a unique device ID) as follows:

              com.icesoft.device-id=CAFEBABE-2222-3333-4444-DEADBEEFCAFE

              This value should be considered to be an opaque string to allow for different device formatting.

              Show
              Ted Goddard added a comment - The iOS container now sets a cookie (with a unique device ID) as follows: com.icesoft.device-id=CAFEBABE-2222-3333-4444-DEADBEEFCAFE This value should be considered to be an opaque string to allow for different device formatting.
              Repository Revision Date User Message
              ICEsoft Public SVN Repository #36613 Tue Jul 09 11:05:01 MDT 2013 ted.goddard set cookie com.icesoft.device-id with iOS identifierForVendor (MOBI-826)
              Files Changed
              Commit graph MODIFY /icemobile/trunk/icemobile/client/ios/icemobile/Shared/NativeInterface.m
              Commit graph MODIFY /icemobile/trunk/icemobile/client/ios/icemobile/Shared/NativeInterface.h
              Commit graph MODIFY /icemobile/trunk/icemobile/client/ios/icemobile/Container/MainViewController.mm
              Hide
              Permalink
              Ted Goddard added a comment -

              Sample android code:

              http://stackoverflow.com/questions/2785485/is-there-a-unique-android-device-id

              final TelephonyManager tm = (TelephonyManager) getBaseContext().getSystemService(Context.TELEPHONY_SERVICE);

              final String tmDevice, tmSerial, androidId;
              tmDevice = "" + tm.getDeviceId();
              tmSerial = "" + tm.getSimSerialNumber();
              androidId = "" + android.provider.Settings.Secure.getString(getContentResolver(), android.provider.Settings.Secure.ANDROID_ID);

              UUID deviceUuid = new UUID(androidId.hashCode(), ((long)tmDevice.hashCode() << 32) | tmSerial.hashCode());
              String deviceId = deviceUuid.toString();

              Show
              Ted Goddard added a comment - Sample android code: http://stackoverflow.com/questions/2785485/is-there-a-unique-android-device-id final TelephonyManager tm = (TelephonyManager) getBaseContext().getSystemService(Context.TELEPHONY_SERVICE); final String tmDevice, tmSerial, androidId; tmDevice = "" + tm.getDeviceId(); tmSerial = "" + tm.getSimSerialNumber(); androidId = "" + android.provider.Settings.Secure.getString(getContentResolver(), android.provider.Settings.Secure.ANDROID_ID); UUID deviceUuid = new UUID(androidId.hashCode(), ((long)tmDevice.hashCode() << 32) | tmSerial.hashCode()); String deviceId = deviceUuid.toString();
              Hide
              Permalink
              Ted Goddard added a comment -

              If added to ICEmobile-SX with offline capability, it seems possible for the current Safari application to spoof the current domain and allow the unique ID to be used to identify the user across many different web sites. However, if the domain is spoofed, the ICEmobile-SX return URL will be different, resulting in the ID being transferred to a different web page. (In other words, the privacy implications may be accurately exposed to the user.)

              Show
              Ted Goddard added a comment - If added to ICEmobile-SX with offline capability, it seems possible for the current Safari application to spoof the current domain and allow the unique ID to be used to identify the user across many different web sites. However, if the domain is spoofed, the ICEmobile-SX return URL will be different, resulting in the ID being transferred to a different web page. (In other words, the privacy implications may be accurately exposed to the user.)
              Hide
              Permalink
              Ted Goddard added a comment -

              Suggestion from Nils: make the ICEmobile-SX version "opt-in" so that the user must manually set the preference to allow this ID to be propagated to the application. This should resolve any privacy concerns since the user must deliberately enable the feature for a particular domain.

              This will require implementation of the whitelist feature to complete.

              Show
              Ted Goddard added a comment - Suggestion from Nils: make the ICEmobile-SX version "opt-in" so that the user must manually set the preference to allow this ID to be propagated to the application. This should resolve any privacy concerns since the user must deliberately enable the feature for a particular domain. This will require implementation of the whitelist feature to complete.

                People

                • Assignee:
                  Steve Maryka
                  Reporter:
                  Ted Goddard
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated: