Verify a user identity via Phone Number or other unique ID (iOS/Android)

Question

Following scenario:
I want to create an wifi hotspot on a public place (e.g. train station). Therefore i want to write an mobile application (iOS and/or Android) which works as a portal page. As I would be providing internet access via my wifi hotspot I need to make sure that people who want to log in verify their identity properly (responsibility). First I thought i could do something like a facebook login but I guess that would not be enough as people can create fake accounts.
Then I got the idea that I could maybe access their telephone number via their smartphones. I googled alot and came to the conclusion that it is pretty tough on both platforms. The iOS method seems to be deprecated and apps wont make it to the app store with that version. Android can read the phone number from the sim card, but not all providers store the number on the sim card.

Question
Is there any possibility to get the phone number? Or is there any other way to uniquely identify a person in a wifi network?
Of course I dont want to do any of that without asking for users permission etc...
Greetings and thanks in advance Peter

Answer 1

Choosing the MAC address is a good choice, it is not the safest, but it is the more easy to do.

The IMEI is not always provided, and the SERIAL is not uniq.

But actually, I don't know how to do this with iOS.

Answer 2

What is about the MAC address of the phone? This should be unique enough and you can get is easily from android and from iOS.

Android: http://developer.android.com/reference/android/net/wifi/WifiInfo.html#getMacAddress%28%29 iOS: How can I programmatically get the MAC address of an iphone

Answer 3

Using IMEI number

Android Does provide functions/method to access device IMEI number

First Set <uses-permission android:name="android.permission.READ_PHONE_STATE" /> in android manifest

TelephonyManager tm = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
// get IMEI
String imei = tm.getDeviceId();

Hope it helps

For NON CDMA or GSM devices like Tablet

Use

import android.provider.Settings.Secure;

private String android_id = Secure.getString(getContext().getContentResolver(),
                                                        Secure.ANDROID_ID); 

This would generate a unique code for the device..how ever it would change on when user reset the device ie factory reset it .. and it works for device having os > 2.2(froyo)

Answer 4

This really depends on who you are trying to identify. That may seem like an odd response, but usually, we are trying to identify two, not one, sets of credential elements.

First, we want ot identify the device itself -- is this the deivce we expect to see and can we trust that this device has not been tampered with. Second, we usually want to know if the user of this device at the moment is one we expect to be using this, now validated, device. (If I take your phone, without step #2, I just became you.)

This is why we have things like 802.1x. It lets me validate the user of a network, not just the device. For your case, consider something like:

For device validation, the combination of hte MAC address and the IMEI. TUrn those into a unique hash with some data from the user. For example.

ID = SHA1(IMEI+MAC(Wifi)+user password)

Now that we're pretty sure the device and user are correct, if you need to, you can go one step further and use that hash a key to encrypt a user validation step in your app. Even if the user is correct, if they're on the wrong device, their key won't decrypt.