12

How should I go about identifying an android user to a server. Should I get the IMSI number and some salting algorithm? Considering androids space and performance limitations is there a library that isn't too heavy that I can use to do the calculation?

Christian
  • 25,249
  • 40
  • 134
  • 225
  • 2
    Do you want to identify the _device_ to the server or the _user_? – Blrfl Oct 18 '10 at 15:49
  • This is probably a duplicate of http://stackoverflow.com/questions/3464881/generating-device-specific-serial-number and http://stackoverflow.com/questions/3679120/uniquely-identify-an-android-handset. Be aware that some folks are suggesting using the IMEI -- this is OK for phones, but devices like wifi tablets have no IMEI. – Yoni Samlan Oct 18 '10 at 15:50
  • 1
    The other question is just about which ID to use. I also ask for the proper way to handle the private information. – Christian Oct 18 '10 at 15:56
  • I would want to identify the user. If I can't identify the user then the device is a suitable alternative. – Christian Oct 18 '10 at 15:58
  • Don't rely on Android_id, rooted devices have a fake one – fedj Oct 18 '10 at 15:46
  • it's actually a lesser problem with rooted devices than some Motorola devices who all share the same ANDROID_ID. – Grantland Chew Jan 09 '12 at 23:28
  • By fake, I mean that some custom roms directly precise ANDROID_ID so collisions happens – fedj Oct 19 '10 at 12:24
  • `ANDROID_ID` is generated when the device is first booted / when a factory reset is performed. Custom ROMs might allow you to change your `ANDROID_ID`, but there's no such thing as a "fake" `ANDROID_ID`. And yes, collisions can happen (custom ROM or not). – Felix Oct 18 '10 at 15:58
  • I think you mean devices w/ custom ROMs. Rooting a device really just adds one new app and one new system binary. – Segfault Oct 18 '10 at 15:50

4 Answers4

5

I think you cannot identify a user without any kind of account. Everything else is not reliable or only a device identification. Why don't you provide an own registration service for your server, so you can give an unique id to every user.

Another option might be the Google account which is bound to the device? Or will this cut you target audience for your up? But if you're building an app which extends some sort of Google tool, app or whatever then user will already have a Google account so your app could also use it to identify the user.

Flo
  • 27,355
  • 15
  • 87
  • 125
4

As stated by developer.android:

Applications typically try to remember the user using one of three techniques:

  1. Ask the user to type in a username
  2. Retrieve a unique device ID to remember the device
  3. Retrieve a built-in account from AccountManager

Option (1) is problematic. First, asking the user to type something before entering your app will automatically make your app less appealing. Second, there's no guarantee that the username chosen will be unique.

Option (2) is less onerous for the user, but it's tricky to get right. More importantly, it only allows you to remember the user on one device. Imagine the frustration of someone who upgrades to a shiny new device, only to find that your app no longer remembers them.

Option (3) is the preferred technique. Account Manager allows you to get information about the accounts that are stored on the user's device. As we'll see in this lesson, using Account Manager lets you remember your user, no matter how many devices the user may own, by adding just a couple of extra taps to your UI.

Spartako
  • 113
  • 2
  • 10
Aditya
  • 5,509
  • 4
  • 31
  • 51
  • 4
    When copying content, please mention the source. In this case, it would be http://developer.android.com/training/id-auth/identify.html – laalto May 27 '13 at 07:30
  • Would option C still be the best option if you were writing the same app for iOS as well? or would something like generating a unique ID server side to store on the phone based on something else, like the users phone number (user enters phone #, server issues back a uid that gets stored on the phone)? I found this while trying to tackle the exact same problem. – Evan R. Jun 05 '13 at 05:50
  • 1
    Yes, you can generate UUID in iphone using help from [this](http://stackoverflow.com/questions/11597100/uniquely-identifying-an-ios-user) question. It also gives a nice way if user has more than one phone and wants to sync. – Aditya Jun 05 '13 at 10:14
0

To identify the user I should think using the google account is the best option, see the answer at Generating Device-Specific Serial Number

If you just wish to identify an instance of your application, then why not let the server distribute ID:s?

When your app launches, get SharedPreferences and check if "myid" has a value, if not, then request an ID from the server, which you store as "myid" in SharedPreferences. This id will survive app updates (but not uninstall/reinstall).

On the server side, store all registered ID's, and make sure your server distributes unique id's. This way, nasty people hacking your server can't use the ID's to identify your users ;)

Community
  • 1
  • 1
Tore Rudberg
  • 1,594
  • 15
  • 16
0

in a few months many more users will have android phones and android tablets so if you want to track a user over multiple devices it's best to use OAuth I think.

Segfault
  • 8,036
  • 3
  • 35
  • 54