0

I want only my employees to be able to connect to my server from their mobile application.

In addition to a username/password type of security, I would like only pre-approved devices to be able to connect to the server and try to login.

Is there a way to configure some kind of certificate manually on the devices and from the server only allow those devices to connect? SSL maybe?

Ideally, the certificate would be unique to each device (so we can later revoke access to a device).

Nathan H
  • 48,033
  • 60
  • 165
  • 247
  • You can use IMEI number of device as unique certificate. – mr.icetea Sep 21 '15 at 08:57
  • IMEI is not available on all platforms. But I have a way to get a unique ID that's ok. But I'm looking for a solution not on the code level but rather at the certificate... – Nathan H Sep 21 '15 at 09:02
  • you can send a key with your login success, parse the key in the client side and send that with all the calls, if the key is right send data. In each login you can change the key – Sree Sep 21 '15 at 09:07

1 Answers1

0

You can use following code to get the unique device id and you can keep this id on service side and can use it to revoke access to server. For reference See this Device Unique ID

 final TelephonyManager tm = (TelephonyManager) getBaseContext().getSystemService(Context.TELEPHONY_SERVICE);

final String tmDevice, tmSerial, androidId;
tmDevice = "" + tm.getDeviceId();
tmSerial = "" + tm.getSimSerialNumber();
androidId = "" + android.provider.Settings.Secure.getString(getContentResolver(), android.provider.Settings.Secure.ANDROID_ID);

UUID deviceUuid = new UUID(androidId.hashCode(), ((long)tmDevice.hashCode() << 32) | tmSerial.hashCode());
String deviceId = deviceUuid.toString();
Community
  • 1
  • 1
Sheeraz Shaikh
  • 1
  • is it work for all the device manufacture and are you sure the device id will not change ?? – Sree Sep 21 '15 at 09:08