Banning By Mobile Device?

Question

I am making some application that will be largely user driven and of course that means their will be trouble makers who probably will enter fake data into it using swear words or worse change valid data to bad data(ie changing to swear words)

Of course measures will be taken to try to curb this but in the end of the day I want to have the option to ban someone from my application.

My first thought is ban their account by email address. I was also thinking that maybe on top of that ban their devices.

My questions is is what unique id can I use from their phone if they use

Andriod
Iphone
Blackberry
Windows Phone 7/8

and how unique is it? Can it be easily changed?

Answer 1

For Windows Phone you should be able to use DeviceExtendedProperties. Specifically the DeviceUniqueId property.

Be aware though that, as they say in that article, if you use a device id to ban a user, then any future user of that same device will be banned from your app, even if they've done nothing wrong.

Answer 2

There are 2 identifiers that can be used together to identify a specific device and user.

The DeviceUniqueId and WindowsLiveAnonymousId

the first one is the device, and as noted, anyone who uses the device after the banned user will also be banned.

The WindowsLiveAnonymousId is unique to the user. I have seen this same identifier across 3 separate devices and it is always the same for the users LiveId.

I use the following 2 methods to get these ids for identifying game players for leader-boards:

//Note: to get a result requires ID_CAP_IDENTITY_DEVICE
// to be added to the capabilities of the WMAppManifest
// this will then warn users in marketplace

public static byte[] GetDeviceUniqueId()
{
    byte[] result = null;
    object uniqueId;
    if (DeviceExtendedProperties.TryGetValue("DeviceUniqueId", out uniqueId)) 
        result = (byte[])uniqueId;
    return result;
}

// NOTE: to get a result requires ID_CAP_IDENTITY_USER
//  to be added to the capabilities of the WMAppManifest
// this will then warn users in marketplace

public static string GetWindowsLiveAnonymousId()
{
    string result = String.Empty;
    object anid;
    if (UserExtendedProperties.TryGetValue("ANID", out anid))
    {
        if (anid != null && anid.ToString().Length >= (AnidLength + AnidOffset))
        {
            result = anid.ToString().Substring(AnidOffset, AnidLength);
        }
    }
    return result;
}

They are used as such:

string deviceUniqueId = String.Empty;
for (int i = 0; i < GetDeviceUniqueId().GetLength(0); i++)
{
    deviceUniqueId += GetDeviceUniqueId().GetValue(i);
}

DeviceUniqueIDTextBlock.Text = deviceUniqueId;
WindowsLiveAnonymousIDTextBlock.Text = GetWindowsLiveAnonymousId().ToString(CultureInfo.InvariantCulture);

I did a post last May about getting system info on WP7. This code is found here: http://www.adambenoit.com/applications/system-info-windows-phone/

Hope this helps.

Answer 3

All these devices have network interfaces with unique MAC addresses which by definition are constant - the MAC address is burned into the hardware and cannot be [easily] spoofed, especially on a mobile device. I would hash the MAC address and use that as the key. Pretty common practice on iOS once apple banned the use of UDIDs.

Answer 4

I would use the guid method. Though this can be circumvented by uninstalling and re-installing the app. Nothings perfect though

How to create a GUID/UUID using the iPhone SDK

How to get GUID in android?

How to create a GUID on Windows Phone http://msdn.microsoft.com/en-us/library/system.guid.newguid(v=vs.95).aspx

How to create a GUID on Blackberry http://supportforums.blackberry.com/t5/Java-Development/how-to-generate-GUID/td-p/289947