1

I have an app that creates an account for a web app, which is basically sending and receiving SMS messages from the web. This is how it works (not released yet, nearing the end of the first-release features I had planned):

The user purchases the app. The user enters their name, email, and password. The account is created on the server-end, and the final view is shown telling the user where to access the web app. The background processes are opened (C2DM and ContentObserver for SMS).

All goes well. The android part of this app all works flawlessly, but I'm scared of people making multiple accounts from one purchase. How could I stop this from happening? I am clueless when it comes to this subject. First of all, when the final view is shown, a user could just hit back and then recreate another account. How can I prevent them from going to that form ever again? I am thinking I can just set a SharedPreference, but then all the user has to do to make another account is uninstall the app and then reinstall it, and bam another account is made.

I need a way, so once the user registers for the first time, there is in no possible way they can register again, on that specific phone (or specific Google account). Is there any real way to accomplish this? Any help is appreciated, I am stuck when it comes to this topic.

JasonMArcher
  • 14,195
  • 22
  • 56
  • 52
Qasim
  • 1,686
  • 4
  • 27
  • 51
  • Save a file to the SD card and check for its existence – Blundell Jan 13 '12 at 23:58
  • @Blundell is there a way I can go further? Like a specific phone or Google ID that always stays the same? Because to purchase an app, the user has to buy the app from a google account, which means a google account is linked with the process. Is there any way to get that? – Qasim Jan 14 '12 at 00:01

2 Answers2

0

I would make it a check on the server side. Every device has a unique identifier. If you save this on the webserver side during the account creation, you check whether or not an account has already been made on this device. Also add the same check for the Google ID, just in case.

String android_id = Secure.getString(getBaseContext().getContentResolver(),
                Secure.ANDROID_ID);

Might be worth a try. Your safest bet will always be something on the server side, since the device side is easily tempered with if people really wanted to.

Sander van't Veer
  • 5,930
  • 5
  • 35
  • 50
  • Now I dont have much experience with Android apps after they are published; this is my first app, so I was wondering, is there a list of people who have bought this app or something? So I can verify myself too, if I see some random email in my server Database, but it isnt in the list of users who purchased this app, something like that. – Qasim Jan 14 '12 at 00:03
  • Sorry I have no experience with that myself either, currently working on my first app to be published. That in combination with the AndroidID might be a good combination though, if it's possible. – Sander van't Veer Jan 14 '12 at 00:05
  • Careful ANDROID_ID returns null on some devices and on another handset by one network operator every phone has the same ANDROID_ID, there are many blog's on this topic http://stackoverflow.com/questions/2785485/is-there-a-unique-android-device-id – Blundell Jan 14 '12 at 00:10
  • 1
    Generate your own unique id on the server during account creation. Device IDs are unreliable and you'll screw up when a device changes owners. – Krylez Jan 14 '12 at 00:49
0

Since SIM identification functions (getSimSerialNumber) return null on CDMA devices and *ANDROID_ID* is said to be the same value on CDMA devices; with addition of tablets which do not have either of them, I highly suggest implementing your own unique identifier in your database and matching it with user's Google Account.

However, since a poweruser can always reset their app data storage and clear their identification from device (thus making your app session on device brand new on app launch) this approach has it's caveats.

You may want to check this blogpost for ideas about generating your unique id

http://android-developers.blogspot.com/2011/03/identifying-app-installations.html

Cengiz Can
  • 1,302
  • 1
  • 15
  • 31