Grant access to server only with validated iOS devices through Unique Identifier - iphone

I have 10 iOS devices in my company, predominantly iPads running iOS 6. I have a server where I've created the appropriate web services for my devices to communicate with. I wish to extend the current setup by only allowing validated devices access to the web services.
I have looked into passing the UDID as an extra attribute to the web server, which would then be run against a database containing encrypted UDIDs; if it finds a match, the device is validated and the web service process is allowed to continue.
However, I understand that UDID is now deprecated. What is the easiest way I can implement a unique UDID for each device which would also work for future in-house application updates?

Why don't you create a standard login system whereby the user logs in on the device with a username and password, and then the server returns a certificate that can be used to validate future interactions? Why restrict users to specific devices when you can just require a login? The end result - limiting which users can use the system - is still realized, but in a more flexible and extensible way.

Use the UIDevice identifierForVendor to identify the device under iOS6.
[[UIDevice currentDevice] identifierForVendor]
From Apple docs:
"The value of this property is the same for apps that come from the same vendor running on the same device. A different value is returned for apps on the same device that come from different vendors, and for apps on different devices regardless of vendor."
Another way I have used is to generate a UUID on the server, email it to the user with a URL scheme that opens the app and the app saves it in the keychain. The keychain saves the UUID across app delete/reinstall.
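The server side of the approach in this answer, added here as an example and not part of the original post: the server issues a random token per enrolled device, keeps only its digest, and checks the token on every web service request. `DeviceRegistry` and the sample user and device values are hypothetical; the device ID stands in for the `identifierForVendor` string.

```python
import hashlib
import hmac
import secrets


class DeviceRegistry:
    """Allow-list of enrolled devices, keyed by (user ID, device ID)."""

    def __init__(self):
        # Only the SHA-256 digest of each token is stored, so a leaked
        # table does not hand out usable credentials.
        self._digests = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).digest()

    def enroll(self, user_id, device_id):
        """Issue a fresh random token; re-enrolling rotates the old one."""
        token = secrets.token_urlsafe(32)
        self._digests[(user_id, device_id)] = self._digest(token)
        return token  # delivered once to the app, which keeps it in the keychain

    def revoke(self, user_id, device_id):
        """Remove a lost or retired device from the allow-list."""
        self._digests.pop((user_id, device_id), None)

    def is_valid(self, user_id, device_id, token):
        """True only if this user/device pair is enrolled with this token."""
        expected = self._digests.get((user_id, device_id))
        if expected is None:
            return False
        # Constant-time comparison of the stored and presented digests.
        return hmac.compare_digest(expected, self._digest(token))


# Constructed sample values (not from the page).
SAMPLE_USER = "alice"
SAMPLE_DEVICE = "5F2C8E6A-0000-4000-8000-CONSTRUCTED01"
```

The device identifier only selects the record; the random token is what the server treats as proof of enrollment.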

Use the MAC address of the device. It is not against Apple Policy and it NEVER changes.

Related

How can I send a message to a specific device with identifierForVendor or openUDID?

I'm writing an app that manages accounts stored on a server, like any other social app. What I want to do is forbid a double login with the same account on two devices. So when a user logs in to my app, I have to log out any other device that is logged in with the same credentials. To identify the device I use openUDID for iOS < 6 and identifierForVendor for iOS >= 6. The device IDs are stored in the server DB. Is there a way to take this ID and send a notification/message to the related device? I know that I can simply check the actual device ID against the stored ID to know if it is the same device... it's not enough, I need to send a notification to the device. How can I do this?
The only way to send a message to another device is through APNS.
Take a look at this tutorial -> http://www.raywenderlich.com/32963/apple-push-notification-services-in-ios-6-tutorial-part-2

What data can be gathered from a user's iPhone for user identification

I am doing some research about what types of data are (legally) available for me to store in a database to perform checks against if I decide to do a subscription-based application.
For instance, can my app query for the device's UDID number, so that I can then save that number against the registration of the application?
As of iOS5, the API to obtain the device UDID has been deprecated for privacy reasons. There are efforts to find suitable replacements, however, such as https://github.com/gekitz/UIDevice-with-UniqueIdentifier-for-iOS-5, which uses the MAC address and application ID to create a unique identifier that is unique only to an individual app on a particular device.

Using UDID to create unique user identity

I am working on an iPhone App which communicates with a Server to store and exchange data. Since I would like to make it as simple as possible, I want to avoid registration (or maybe also the use of a password) for the user account. Is it possible (and allowed?) to get the UDID of the iPhone device and make e.g. an MD5 hash of it, which I transfer to the server and use for authentication? Since this ID is unique I could simply use it to log in and get the user-specific data from the server, without any need to create login data.
Is it allowed to access the UDID, make an MD5-hash of it and store it in a database?
Second question is: how do I get the UDID? ;-)
Yes, it's allowed, but take into account what I have reported below, from the documentation.
You can retrieve the UDID as follows:
NSString *udid = [[UIDevice currentDevice] uniqueIdentifier];
Note the following from the official Apple documentation:
A device’s unique identifier (sometimes abbreviated as UDID for Unique Device Identifier) is a hash value composed from various hardware identifiers such as the device serial number. It is guaranteed to be unique for each device. The UDID is independent of the device name. For devices that use a SIM (subscriber identity module) card, the UDID is independent of the SIM card.
For user security and privacy, you must not publicly associate a device’s unique identifier with a user account.
You may use the UDID, in conjunction with an application-specific user ID, for identifying application-specific data on your server. For example, you could use a device-user combination ID to control access to registered products or when storing high scores for a game in a central server. However, if you are developing a game, you may want to instead use Game Center’s player identifier key as explained in Game Kit Programming Guide.
Important: Never store user information based solely on the UDID. Always use a combination of UDID and application-specific user ID. A combined ID ensures that if a user passes a device on to another user, the new user will not have access to the original user’s data.
I've used the UDID for checking if the device already has a running subscription.
Getting the UDID is easy:
NSString *udid = [[UIDevice currentDevice] uniqueIdentifier];
If you read up on the App store rules, there is a section about letting the user create an account to move the subscriptions to an other device.
In this section Apple makes clear that the account creation must be a username and password that the user must enter. The username can't be an e-mail address since it is personal information.
If your app leans heavily on the data, an optional user account creation would be advisable.
The App Store Review Guidelines can be found at: http://developer.apple.com/appstore/resources/approval/guidelines.html
The UDID is hidden in iOS 6 and later, so you can uniquely identify the device by:
NSString *UDID = [[[UIDevice currentDevice] identifierForVendor] UUIDString]; // identifierForVendor returns an NSUUID, so take its string form

Are push notification tokens unique across all apps for a single device?

I will have multiple applications on the app store and 1 urban airship account to send push notifications to all of these devices. What I want to know is if each Apple device has the same "push token" across all applications? This is more of a database architecture thing so that I don't duplicate a push token many times if one single device uses many of my apps.
If each Apple device generates a unique push token for each application it has installed my architecture needs to change.
Device tokens are not exactly unique per device; they're unique per operating system installation. So if a user buys a new device but does not restore from backup, then they'll get a new device token. And if a device is wiped, it will get a new device token, so the new user doesn't get the old user's messages.
In addition, there are different tokens returned for development apps using the sandbox and distribution apps using the production system.
Since a single user might have your app installed on multiple devices legally (iPhone and iPad, for instance), it will be much safer to have a many to many relationship between users and device tokens, to be on the safe side.
And since you mentioned Urban Airship, you might find that our alias feature helps for this sort of thing; you can assign a non-unique alias to the different tokens in our end, and then we'll keep track of the mapping between your users and their device tokens. See the registration and push parts of the UA documentation.
Edit: An update because I saw some more upvotes on this old answer. As of iOS 7, device tokens are unique for each application, even on the same device.
According to Apple's latest doc:
Never cache device tokens in your app; instead, get them from the system when you need them. APNs issues a new device token to your app when certain events happen. The device token is guaranteed to be different, for example, when a user restores a device from a backup, when the user installs your app on a new device, and when the user reinstalls the operating system. Fetching the token, rather than relying on a cache, ensures that you have the current device token needed for your provider to communicate with APNs. When you attempt to fetch a device token but it has not changed, the fetch method returns quickly.
For more info, check the Apple doc.
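The many-to-many storage these answers describe, as an added example that is not part of the original posts: one row per (app, environment, token, user), so a token is never assumed to be shared across apps or between sandbox and production. The table, function names, app IDs and token strings are hypothetical.

```python
import sqlite3

SCHEMA = """
CREATE TABLE push_tokens (
    app_id      TEXT NOT NULL,
    environment TEXT NOT NULL CHECK (environment IN ('sandbox', 'production')),
    token       TEXT NOT NULL,
    user_id     TEXT NOT NULL,
    PRIMARY KEY (app_id, environment, token, user_id)
);
"""


def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def register(db, user_id, app_id, environment, token):
    """Called on every launch with the token the system just returned."""
    with db:
        db.execute(
            "INSERT OR IGNORE INTO push_tokens VALUES (?, ?, ?, ?)",
            (app_id, environment, token, user_id),
        )


def replace_token(db, app_id, environment, old_token, new_token):
    """The app reported a new token (restore, reinstall, OS reinstall)."""
    with db:
        db.execute(
            "UPDATE OR REPLACE push_tokens SET token = ? "
            "WHERE app_id = ? AND environment = ? AND token = ?",
            (new_token, app_id, environment, old_token),
        )


def tokens_for(db, user_id, app_id, environment):
    """All tokens to push to for this user in one app and environment."""
    rows = db.execute(
        "SELECT token FROM push_tokens "
        "WHERE user_id = ? AND app_id = ? AND environment = ? ORDER BY token",
        (user_id, app_id, environment),
    )
    return [r[0] for r in rows]
```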

Receiving notifications from APNs in iPhone application without provisioning profile

Task:
have a jailbroken iPhone
need to write an application which would receive notifications from APNs
Problem: after running the application on the iPhone, the program shows an error: "no valid apps-environment entitlement string found for application" (at the registerForRemoteNotificationTypes call, I suppose).
As I've understood the problem source is that I built the application without a provisioning profile.
Question: is there any possibility to make the program work before I receive my apple developer account (in order to create a provisioning profile)?
Apple Push Notification Service requires that a device be registered with the service in order to receive notifications. In order to register with the APNS server, an app needs to be signed and provisioned.
Also, jailbroken phones may not work correctly in many cases where a legitimate application, that has been signed, provisioned and distributed officially via the iTunes App Store, is being used.
I believe it was reported that notifications from the AIM app intended for legitimate iPhone users were being sent to people with jailbroken iPhones, who in some cases didn't even have AIM installed. This probably has something to do with the fact that jailbreaking allows a user to change their device's UDID, which just screws everything up.
No. You need to have a valid provisioning profile.
You can send a fake push notification locally if you installed MobileSubstrate, with this method:
http://networkpx.blogspot.com/2009/06/sending-push-notification-locally.html