0

I'm new to xamarin so I'm still trying to figure out how some things work.

The things is, I wanted to create a simple application where the user will recieve an email if his account logged in into an unknown device (yes, it looks like a login alerts).

Correct me if my proposed method is incorrect, I want to create a list of every known device each user has logged in, and compare it to a current device the login attempt was made. Is there a way where I can use a unique android device ID in Xamarin that I can use for this situation?

Any answers/suggestions will be much appreciated Thank you in advance

KLeo
  • 95
  • 9

1 Answers1

0

Using device ID would mean that if user uninstalled your app and stashed the phone for a year, it would still be considered trusted. Users most likely won't remember what they did in the past and blame you for failing to alert.

What you should use is instance ID. An UUID that app generates once and then saves. So uninstalling your app or clearing its data would make it "brand new and untrusted" - because that's exactly what users expect.

To paraphrase Fifth Element: Device not important. Only app important.

Also note that mobile users expect to log into app once and remain logged forever. Some apps (like banking apps) add extra PIN, fingerprint or password to actually access the data, but the app remains paired to the user account forever. In that case, there is server-side list of app instances paired to user's account, so it's trivial to notify about new pairing. Bonus-you don't need any client-dependant IDs, have the server assign the ID on pairing.

Agent_L
  • 4,960
  • 28
  • 30
  • Thank you, I've decided to follow your suggestion. It is my first time doing a login alert so I am truly grateful for your pro-tips :D – KLeo Sep 30 '22 at 06:19