In iOS 5 the usage of [[UIDevice currentDevice] uniqueIdentifier] got deprecated. We are now encouraged to use own-generated UUIDs and store them in the app's NSDefaults. That's OK for most usage, I guess.
But my question is - is it possible to generate somehow the UUID that would behave like the device ID right now - I would like to keep it the same even after the application is removed and reinstalled. The purpose of this is to help tracking possible fraud tries taken from the iPhone.
I'm wondering if usage of MAC-address, as with this category: https://github.com/erica/uidevice-extension/blob/master/UIDevice-Hardware.m would be OK?
The discussion for the uniqueIdentifier property in the documentation states:
Do not use the uniqueIdentifier property. To create a unique
identifier specific to your app, you can call the CFUUIDCreate
function to create a UUID, and write it to the defaults database using
the NSUserDefaults class.
Writing it to the user defaults should ensure that it is kept if the app is removed/reinstalled I would have thought.
Edit:
Sorry, they are not kept when an application is removed apparently. The documentation describes how to generate a UUID but I can't find out whether it is constant for a given user/device. I have seen some people proposing the use of keychain for persistence through app removal/re-installation but don't know how recommendable it is (and in any case the user can, I suppose, remove the entries).
Create your own UUID using the method described by Apple (the one pointed out by jbat), store it in NSUserDefaults.
Using iCloud you can then use the Key-value store to help 'persist' this UUID to a specific user, between installs and different devices.
Related
I am creating an app where a user can store other peoples information and I would like to allow users to protect the information stored in my app using a passcode or Touch ID (If their device supports it).
I have already got the Touch ID part working thanks to apple's documentation, but I am kind of stuck on how to implement the passcode lock. Will i have to create another view controller for that passcode-entry? How can I ensure that my app does not have access to users passcodes (in case the app gets hacked or run on a jailbroken device)? Does Apple provide a framework or library for this purpose?
Can someone point me to some source code or documentation I can use?
You can try this library, which looks very promising and its written in Swift from #yankodimitrov.
SwiftPasscodeLock
You could use a library like VENTouchLock
Or you could look through its implementation and see how it works in order to replicate it.
I am trying to patch this security breach that Apple has identified. Only, the sample code (VerificationController) they provide uses this line:
[UIDevice currentDevice].uniqueIdentifier
Which has been deprecated and has had apps rejected from the app store. Any idea if this is OK again? or what is happening here?
Apple has updated the sample code deleting lines where UDID had been used.
In-App Purchase Receipt Validation on iOS
UDID vs UUID
From what I understand, Apple does not want developers to have access to a UDID (unique device identifier) anymore as it is not within an app's sandbox.
Think of a situation where a user gets a new iOS device (with a different UDID). Just because there is a new device does not necessarily mean there is a new user. Also, if someone gets a device previously used by someone else, we do not want to assume that because we have the same device, the same user must be using it.
Apple recommends using a UUID (universally unique identifier) for your apps instead. The only reason Apple allowed you to use UDID before was because they had not implemented UUID yet or had not considered the situations above (to my understanding). UUID's are generated for the object you want to keep track of (e.g. a user).
Basically, Apple's mentality is that you should keep track of users (or other instances), not devices.
Generating a UUID
To generate a UUID, try the including the following as a class method:
+ (NSString *)GetUUID
{
CFUUIDRef uuidReference = CFUUIDCreate(kCFAllocatorDefault);
NSString *theUUID = [(NSString *)CFUUIDCreateString(kCFAllocatorDefault, uuidReference) autorelease];
CFRelease(uuidReference);
return theUUID;
}
For my experience, I've called this method in the init method and stored the resulting NSString as a property of the instance that was just created.
Where did you hear that apps were rejected because of using it? Maybe they were using it maliciously but it is a public API. Also, look at the note on the page you linked to.
Note: This listing uses the symbols kSecTrustInfoExtendedValidationKey and SecTrustCopyInfo, which are not public API. Your app is allowed to use them for this specific purpose.
If they are even willing to let you use private APIs for this purpose, I doubt they would care about a public one.
Apple's problem with the UDID was always that they consider it private information, and so they were rejecting apps that sent it to, say, a server, without asking permission first. If you're just using it locally, I don't think you'll have trouble.
The function
[[UIDevice currentDevice] uniqueIdentifier]
Is deprecated in iOS 5 and I found the solution in this project using the MAC address: https://github.com/gekitz/UIDevice-with-UniqueIdentifier-for-iOS-5
Ok, it is solved. But now I discovery that iOS 5 CHANGED the format of code that uniqueIdentifier return.
In iOS 4.x it is in this format:
93F38DEB-3C0B-5C09-B746-0DFDFDDB297C
Now the iOS 5, the same function return in this format:
93f38deB3c0b5c09b7460dfdfddb297c
Anyone know if the code changed at all? It is different only is format or the code in really different for the same device?
A MAC Address is a (supposedly) globally unique identifier attached to a network interface, though they can be changed in many ways.
The uniqueidentifier that Apple used to provide access to was attached to the device hardware and not changeable, which made it excellent for tracking a user across apps and sessions. That's also the reason Apple is removing it, if I had to guess. Not having a way to track users across apps and sessions increases a user's privacy on their devices.
I wouldn't be surprised if Apple removes access to the MAC Address eventually for the same reasons, so it might benefit you to examine other options for tracking devices.
[[UIDevice currentDevice] uniqueIdentifier] will still give you the same result as before. The project that you link to is not a 1:1 replacement, it is an alternative that gives you a similar solution using a different implementation, thus the two string are different.
You shouldn't use unique identifier on iOS 5. That's all you need to know.
The unique identifier on iOS was always something redundant and a big security threat. Other operating systems don't have unique identifiers and they can live without them.
You can always generate unique identifiers on your server and send them to your device.
You can always generate them from some unique system property (e.g. MAC), using system functions. On iOS you can create a unique identifier using CFUUIDCreate. This identifier is unique across devices and across time (you'll get a different identifier every time you call it) but you can save them (e.g. into keychain).
The code CHANGED!!!!!
UniqueIdentifier is no more UNIQUE!!!
The first format have 36 hexa lenght
93F38DEB-3C0B-5C09-B746-0DFDFDDB297C
The second have 40 hexa!!!!!
Because this, it changed. I don't know if it append more hexa to identifier, but the bigger size changed al all.
This is my first post on here so be nice :) I am new to coding iOS and currently coding an app which uses a login system which communicates with the server and saves a users UDID. I need to app to check the UDID is on the server and if it matches to auto fill the Username UITextField in the login form.
Please could someone help me out or point me in the right direction.
Mike
Welcome to SO.
I assume you know how to get the UDID? If not, you get it as this
NSString *udid = [[UIDevice currentDevice] uniqueIdentifier];
Send this to your server (where you have a table with UDIDs and corresponding user information). Using PHP (or whatever language you are using), check if there is an entry for this UDID on the server. If yes, get the corresponding username and set it in the text field as
[textField setText:theUserName];
If you don't know how to send requests and get response from iOS apps, ASIHTTPRequest would be a good and easy way to begin.
If you need any other specific help, I would suggest updating the question.
Welcome to both iOS and Stackoverflow!
You could build a PHP service which would verify the UDID of your device and check if this device and username are already registered at your site, asuming you are keeping track of these registrations using a MySQL database, PHP could most certainly do the trick.
After verifying the existence of this device, you could use a JSON callback to send the UDID of the device to the iPhone.
As for parsing this JSON check out SBJSONParser.
It might be hard to pull this off in 2 languages, asuming you are new to both. This task is possibly completed in more secure or easier methods, but this might be a consideration to check every part of web communication that the iPhone has to offer
Good luck!
Bryan
Mike, Apple will be phasing out UDID so you should really look at a new approach to this. I would suggest a combination of app.domain and the device MAC number.
Then, have your app talk to your server using HTTPRequest and return the data as JSON and parse that on the app side.
GitHub already has a solution to UIDevice uniqueidentifier being dropped:
https://github.com/gekitz/UIDevice-with-UniqueIdentifier-for-iOS-5
Project Description:
Description
Apple stopped supporting a unique identifier for iOS. This
source code solves the problem. It generates a unique identifier based
on the mac address of the device in combination with the bundle
identifier.
What you need to do:
copy NSString+MD5Addition and UIDevice+IdentifierAddition to your
project.
use [[UIDevice currentDevice] uniqueDeviceIdentifier] to retrieve the
unique identifier or
use [[UIDevice currentDevice] uniqueGlobalDeviceIdentifier] to
retrieve a global unique identifier (used for tracking between
different apps).
have fun and follow twitter.com/gekitz ;)
//Thanks to Erica Sadun for her UIDevice+Hardware Addition (used for
the mac address retrieval).
I know each iPhone has a electronic identifier other than the phone # or ESN - how do I call it and what does it return?
The UIDevice class contains the information you need.
[[UIDevice currentDevice] uniqueIdentifier]
If you need security, then you probably can't use the device's built-in unique identifier, because one could easily spoof this information. I'm just guessing here, but, most likely, from your server's perspective there's an incoming connection/request that contains the phone's ID. Now, how can you be really sure the connection/request is actually coming from the iPhone with that ID?
One solution is to issue each new device that connects to your server with a unique ID of your own in a secure way (i.e., the ID can't be obtained by a third party). You then need to use a secure protocol whereby a connection/request proves to your server that it originated from a device that knows the above ID.
if you are writing a web app, why don't you use standard cookies?