During the Account Linking of our app with Google Assistant, we authenticate the user by mapping its WAN IP Address.
Once Webhooks intents are received, they are coming from Google cloud, not the user device, so the WAN IP doesn't match. It's then impossible to know if the user is still at home.
It seems there are ways of obtaining user and device identity, like name or device location. Is there a way of obtaining the device WAN IP address?
(à la x-forwarded-for).
In short - no.
The Assistant platform is meant to allow users to, somewhat transparently, move from device to device. The device ID isn't even standard.
If you need to know their location to make sure they haven't moved, then you can ask for their physical location. For speaker devices, such as the Home, it will use the device location that was set by the user, but for mobile devices it will use the GPS.
Related
I'm working on a mobile game in Unity and I want to be able to identify my user without them logging in (so when they send data to the server I will know it's them).
In this specific case, the solution doesn't have to be data-loss proof (meaning it's not the end of the world if the user loses access to their data on the server), but I really want to avoid situations where users can access other users' data.
Here's what I thought of so far: When the user starts the game, a random ID is created and saved into PlayerPrefs. From there, the game takes that ID, adds to it the IP address of the user, and hashes it.
This hash is then sent to the server, and the server keeps in its data the hash as well as the IP address the request was sent from.
From now on, every request sent by the user to the server needs to be signed by the hash and come from this specific IP address. This means that if the user clears PlayerPrefs, uninstalls the game or changes device - they will lose access to their data on the server.
Do you think this will work, or is this impractical/insecure/inefficent?
Thanks in advance!
You can identify device by its unique ID. Works for Android and iOS. (Documentation)
string deviceID = SystemInfo.deviceUniqueIdentifier;
You cant take the IP because it changes a lot on a mobile phone, you need to stick to a random UUID generated when the app is installed, maybe you can add something like the MAC address of the Wifi adapter because that wont change... but if the user is on roaming or using the cellular network is a guess...
Remember that getting hardware identifiers are against the privacy procedures of many countries and companies, i'll stick to generating a random UUID for each app install
https://developer.android.com/training/articles/user-data-ids
Programmatically getting the MAC of an Android device
One of our hotel clients provide free WiFi to its guests with a Hot Spot, however, there are available only a few URL to access them freely (such as Facebook or the website of the hotel) and if you need more access you should log in.
We have developed the App for the hotel and one of its features is that if you open the App it gives you a complete access to the hotel WiFi, so you can navigate to any page you want.
Therefore, it is necessary that the guests can download the app through the AppStore without being logged in to the hotel WiFi, so the guest can download the App and get the access immediately.
We have a trace of the URL that calls the AppStore for search and downloading the App and we have set the Hot Spot to allow access to this URL, however, the AppStore tells us that we have no connection.
What URL should we need to enable in our Hot Spot for the AppStore to work properly?
These are the routes that have enabled:
search.itunes.apple.com
play.itunes.apple.com
init.itunes.apple.com
su.itunes.apple.com
itunes.apple.com
se.itunes.apple.com
p59-buy.itunes.apple.com
pd-st.itunes.apple.com
xp.apple.com
sp.itunes.apple.com
Thank you for your help.
Apple Appstore communicate using HTTPS. So router in the middle will not know what url that been use by client due to it's encrypted.
The solution is, instead of allow those by url. you need to allow it by ip address.
I would suggest to allow connection to the following address.
17.154.0.0/16 Apple's Class B Subnet includes phobos.apple.com address(es)
23.63.98.0/23 Akamai Technologies CDN
Please keep in mind that xxx.xxx.xxx.xxx/16 mean 255.255.0.0.
And it will be equal to allow ip adresss from 17.154.0.0 - 17.154.255.255
Also Akamai is a Content delivery service So ip address will various from location. I would suggest you to try to ping swcdn.apple.com get ipaddress and allow those /23 server.
The provider register the tokens of each device, that's fine, the server will have a list of unique tokens for each device who has the app.
After the iPhone deliver the token to the provider, I want to search a specific contact on the device to figure out if the contact already have the app installed.
Any ideas?
no can do, you will need to call back to your web service with the token you are enquiring - if there is a match on your database then bingo,
sadly you dont have much control over contacts.
I'm working on an iphone app and will be using a 3rd party advertising services. The advertisting service want me to provide them with the users IP address via an API call. This is so the ad service can track users across web and app.
So is the IP address counted as device information? Do apple policies allow me to share the IP address with a 3rd party? My privacy policy will indicate that I'm collecting and passing on the IP address.
Thanks.
Any time your application makes a HTTP request, the receiving web server will get the calling device's IP address. That's the nature of the beast.
Thousands of iOS applications make external HTTP requests and don't provide a custom EULA (look at all the apps out there with ads in them).
So, it is obviously not against Apple's policies. IP addresses are not technically personally identifiable information.
However, you should not share the device's unique identifier (found by doing [[UIDevice currentDevice] uniqueIdentifier]) because that is considered personally identifiable information and could be use to track a specific user. It may not be against Apple's policy, but it is likely illegal in the USA unless you provide a sufficient EULA.
We have an app wherein certain functionality needs to work only when the user is connected to a router associated with his account (we have some information about user accounts and home routers).
However, it is possible for the user to set up a VPN connection to his home router via any public wifi/3g network. We want to block certain functionality if that is the case.
Any ideas as to how it can be detected using any of the existing iphone/ipad apis?
Thanks,
Hetal
There is a flag in the reachability API called kSCNetworkReachabilityFlagsTransientConnection.
It is true when you are connected via a VPN and false if you are not connected via a VPN.
We used this flag value to check for our conditions.
There's no iOS API (public at least) that is going to give you information on whether you're running on a home router or public WiFi connection. You can only determine that you're on a WiFi connection vs. 3G. (for example, see the Reachability sample)
You might be able to do some sort of lookup based on the device's current IP address. You'd have to have each user register their router's IP address and have your application validate it before running, etc. But still, there'd be no guarantee that user's home router is secured. In other words, it could be just as wide open as a public WiFi.