0

This site http://www.gemalto.com/financial/ebanking/sdk/index.html is talking about "device fingerprint"

On an iPhone how would you do so ? By creating a token based on UUID ? Can't UUID be spoofed somehow ?

user310291
  • 36,946
  • 82
  • 271
  • 487
  • If you give a more specific example of what you're trying to accomplish in your iPhone app, you will get more helpful answers. –  Apr 22 '12 at 14:59
  • I just want to understand how technically they can create a fingerprint of an iphone. – user310291 Apr 22 '12 at 16:13

2 Answers2

1

It sounds like marketing-speak. They are probably using a combination of cookies and MAC-addresses, and maybe there's some public-private key encryption going on in there. And yes, it can all be faked. Any "fingerprint" that a network device could have is one that can conceivably be spoofed.

  • But iphone itself is not a network device: except for UUID which is just a number, if you do not give your iphone to the hacker there is no way it can reproduce the same fingerprint so it should be secure don't you agree ? It's just I can't see how they could use to get that fingerprint apart from UUID which is not really secure. – user310291 Apr 22 '12 at 16:12
1

First of all the devices UDID used by Apple is now no longer supported and apps using it will get rejected. And EVERYTHING can be spoofed or lost/changed - even when the device is restored.

The best bet I would go for is either use MAC address of the WiFi card Or just generate it server-side and store it locally on the device (this is more to track an install than the device)

shein
  • 1,834
  • 15
  • 23
  • "all the devices UDID used by Apple is now no longer supported and apps using it will get rejected": I'm surprised because I just downloaded an app which allows to get UUID. – user310291 Apr 22 '12 at 16:08
  • But what if the iphone may not be connected through a wifi ? And Wifi card can change from location to location. – user310291 Apr 22 '12 at 16:09
  • @user310291 - bad choice of words. Technically it is available on the device but Apple is rejecting new apps that use it. God knows if/when they will crackdown on apps already using it. But it's clear that it should not be used ( http://venturebeat.com/2012/03/25/apple-rejects-udid-apps/ ). Regardless reading the ma – shein Apr 22 '12 at 16:36
  • And regarding the MAC address - its not a problem. MAC address is available and readable regardless of your wifi and is as permanent as you're going to get. I think you are confusing with IP – shein Apr 22 '12 at 16:37
  • 1
    OK thanks for MAC suggestion found source code here http://stackoverflow.com/questions/677530/how-can-i-programmatically-get-the-mac-address-of-an-iphone – user310291 Apr 22 '12 at 16:45