16

Following is the scenario: I have an web application accessible via mobile browser. I need to detect a mobile device IMEI and sim IMSI whenever an user clicks on link in my app page accessible via web browser. This is to track the same device with same SIM and provide him/her next level of access. User cannot be tracked using loginid as there is no user login kind of option in my page.

The question is how to get unique device id/sim id via mobile browser for a specific mobile device. For now I am focusing on android based mobile devices. But the target is to make it generic to devices.

Focus of most of the ideas is, what is the kind of access a browser has over the phone and its app?

  1. From a browser link we can open a local app in the following way:

    <a href="productcateory://<productid>/<customerid>">Get Details</a>

here productcateory will uniquely identify a local app and invoke it. But its one way communication. How to get back some response from the point of invocation and populate some hidden form field dynamically.

  1. Via webpage scripts we can store some data locally at client machine and retrieve it later. but the scope is limited and it is no way connected to IMEI or IMSI number.

  2. Is there a way to get a hook to mobile browser app(remember it's like any other mobile application) from the webpage and get the id details via scripts in my page?

  3. Is there any option that html5 provides in this regard? I know there is a localstorage tag in HTML5 and one can store an id in the client location and retrieve it later. But this is limited to the same device and same mobile browser and also this is a different solution to get the imei/imsi number

Let me know if there is any other option without asking user to installing a local app or browser plugin on the device?

~inkriti

Jasper
  • 75,717
  • 14
  • 151
  • 146
inkriti
  • 1,605
  • 3
  • 14
  • 8
  • I don´t think that this is possible... – Tobias Sep 14 '11 at 08:25
  • 6
    What you're asking for is a way to track a user's phone in a way that they can't control, just because they visited a web page. There's a *reason* browsers don't allow this. – Wyzard Jul 22 '12 at 04:46

3 Answers3

17

For very good reasons it is impossible for the web browser to access the IMEI or IMSI numbers of a mobile phone, without some dastardly hacking that the dev teams hadn't expected.

Also the android browser doesn't support plugins.

Your only option is to create a native app. This answer has some info that will be useful to you: Programmatically obtain the phone number of the Android phone. Its not a perfect solution however.

I would also ask why you want access to the users phone number? If its just to track session just use javascript to generate a unique id and store it in a cookie.

Community
  • 1
  • 1
Michael Allen
  • 5,712
  • 3
  • 38
  • 63
  • 1
    The problem with cookie is, the cookie can be enabled or disabled and even deleted. IMEI and IMSI number can ensure this is a correct phone/ sim combination and my app will continue to respond to the correct user in future too. – inkriti Sep 14 '11 at 08:44
  • 1
    In terms of the cookie suggestion: It sounds like you only want to track session. So use javascript to check a cookie. If the cookie doesn't exist generate a unique ID and write the cookie. Then use Ajax to make a rest call to a web service to record the unique ID as a session. Any time you want to check the session just read the cookie and use ajax to check it is valid. Assuming you store it in a persistent cookie it will even stay when the browser is closed. It can be deleted and you'll just have to write your web app in a way that allows this to happen. – Michael Allen Sep 14 '11 at 08:57
  • A good suggestion Mike. Thanks. My main idea is to track a device/sim combination correctly rather than a session. So that even if the user uses a different phone with his own sim I can track that and inform the user about the same and ask him for next level of authentication to open up his specific authorized area. Also any idea how html5 localstorage is different from persistent session? – inkriti Sep 14 '11 at 09:14
  • Sorry, haven't used html5 local storage yet. With the tracking user IMEI thing I am pretty sure it's illegal in most countries. France even has a problem with persistent cookies, but I'm pretty sure what you want to do is illegal. – Michael Allen Sep 16 '11 at 16:12
  • CORRECTION: Android browsers do support plugins.http://stackoverflow.com/questions/3960050/how-to-develop-plugins-for-the-native-android-browser – RayLoveless Jun 12 '14 at 19:58
2

The original issue is probably closed, however for future reference of anyone (like myself) that comes across this question would be something like 2-factor registration with confirmation via text. The closest to getting an IMEI (impossible without native apps) would be to get the user to register and include a text confirmation - the mobile phone number in most cases will be unique, only non-unique when changing devices, and some assumptions can be made from the client-side to guess what device they have, you could even go a step further and ask them to identify the make/os of their device if you were that concerned about unique-ness. However in most use-cases a mobile number confirmation will do the job

sman0307
  • 198
  • 1
  • 9
0

The only reliable way is to write an app and have it send a SMS and then track the number on that end; assuming the subscriber has SMS/text service enabled. This won't work on non-phones (tablets).

It is not important, nor is it necessary and it is probably illegal to track the device (IMEI); simply track the subscriber.

Burhan Khalid
  • 169,990
  • 18
  • 245
  • 284