I am creating the offline application require the user to clock in and clock out in a offline scenario. The problem I am facing here is that how can I make sure the user not messing up the date/time setting in the device and faking the clocking time.
Asked
Active
Viewed 168 times
0
-
Get the time from an external source (i.e. Google has a time zone api that can returns a timestamp based upon your params) – SushiHangover Oct 16 '17 at 10:48
-
From where you take the time is not your problem. The problem is sending authentic information to the server. And in short, you can't do that. Your client (the mobile app, or an attacker faking your mobile app) will always be able to send whatever it wants, any timestamp for example, and you practically can't fix that. – Gabor Lengyel Oct 16 '17 at 12:55
1 Answers
0
One solution would be to check device uptime (time the device is on). I'm sure you can do it on iOS (see how here), please check if it's possible on your other platforms. You can get the device uptime at the beginning of the work and at finish to get total work time. Problematic scenario would be when the user restarts the phone, since the uptime would reset.
Michał Żołnieruk
- 2,095
- 12
- 20