iOS Tutorial DeviceCheck - uniquely identify iOS device

Hi,

in this tutorial (intended for advanced B4i user) I want to demonstrate how you can use the DeviceCheck framework (introduced with iOS 11) in order to uniquely identify an iOS device. I highly recommend to read the offical Apple documentation first: https://developer.apple.com/documentation/devicecheck?language=objc

The main advantages & use cases:
  • "DeviceCheck APIs also let you verify that the token you receive comes from an authentic Apple device on which your app has been downloaded"
  • "identify devices that have already taken advantage of a promotional offer that you provide"

Basically the framework allows you to save two bits (2x2) of data per device & per developer (this also means: if you have 100 Apps or more in the store, they all share the same two bits! Personally, I believe this is a big disadvantage ...)

The following graphic illustrates the server communication between the Device, your Server & Apple:

server.png

Source: https://iosimage.s3.amazonaws.com/2018/34-devicecheck-tutorial/server.png

Before we can start to code, we need to create a new DeviceCheck key in the member center:


upload_2019-1-6_0-18-27.png


Be sure you have selected "DeviceCheck".
Note down the KeyID & download the generated key file and save it, we will need it later.

Now go to the following page https://developer.apple.com/account/#/membership/ and note down your TeamID.

These information are needed in order to generated a JSON web token for authentication. This step is done by the server module and with the help of a tool called JWT.jar (also written in B4J). As a developer, you just have to enter your collected information (Path to the private key, KeyID & TeamID) in the Initialize method of the DeviceCheckServer module.

The two resumable subs GetBitState and SetBitState of the module are doing the "magic" for you & return a custom response type with information about the request & validities; for status codes & errors please have a look at the documentation: https://developer.apple.com/documen...g_and_modifying_per-device_data?language=objc

On the device side, the DeviceCheck module generates the temporary DeviceToken & sends it to our server - simple.

In general, I recommend to start with the examples and fit them to your needs.

Notes & tips:
  • set the MinVersion of your iOS App to iOS 11
  • be sure you have register an explicit App ID
  • DeviceCheck has no simulator support
Feel free to ask questions ;)
 

Attachments

  • DC_ServerExample.zip
    418.2 KB · Views: 655
  • JWT.jar
    442.4 KB · Views: 575
  • DeviceCheckServer.bas
    3.4 KB · Views: 596
  • DC_AppExample.zip
    2 KB · Views: 561
  • DeviceCheck.bas
    1.3 KB · Views: 588
Click to expand...
tufanv

tufanv

Expert
Licensed User
Longtime User
very useful. I think we can use this to protect our API's and limit the access to devices only which our app is installed on right?
JanPRO said:
Hi,

in this tutorial (intended for advanced B4i user) I want to demonstrate how you can use the DeviceCheck framework (introduced with iOS 11) in order to uniquely identify an iOS device. I highly recommend to read the offical Apple documentation first: https://developer.apple.com/documentation/devicecheck?language=objc

The main advantages & use cases:
  • "DeviceCheck APIs also let you verify that the token you receive comes from an authentic Apple device on which your app has been downloaded"
  • "identify devices that have already taken advantage of a promotional offer that you provide"

Basically the framework allows you to save two bits (2x2) of data per device & per developer (this also means: if you have 100 Apps or more in the store, they all share the same two bits! Personally, I believe this is a big disadvantage ...)

The following graphic illustrates the server communication between the Device, your Server & Apple:

server.png

Source: https://iosimage.s3.amazonaws.com/2018/34-devicecheck-tutorial/server.png

Before we can start to code, we need to create a new DeviceCheck key in the member center:


View attachment 75990

Be sure you have selected "DeviceCheck".
Note down the KeyID & download the generated key file and save it, we will need it later.

Now go to the following page https://developer.apple.com/account/#/membership/ and note down your TeamID.

These information are needed in order to generated a JSON web token for authentication. This step is done by the server module and with the help of a tool called JWT.jar (also written in B4J). As a developer, you just have to enter your collected information (Path to the private key, KeyID & TeamID) in the Initialize method of the DeviceCheckServer module.

The two resumable subs GetBitState and SetBitState of the module are doing the "magic" for you & return a custom response type with information about the request & validities; for status codes & errors please have a look at the documentation: https://developer.apple.com/documen...g_and_modifying_per-device_data?language=objc

On the device side, the DeviceCheck module generates the temporary DeviceToken & sends it to our server - simple.

In general, I recommend to start with the examples and fit them to your needs.

Notes & tips:
  • set the MinVersion of your iOS App to iOS 11
  • be sure you have register an explicit App ID
  • DeviceCheck has no simulator support
Feel free to ask questions ;)
Click to expand...
 
You must log in or register to reply here.

Similar Threads

Erel
  • Article
iOS Tutorial ITMS-91053: Missing API declaration
Replies
0
Views
2K
Erel
Erel
C
  • Question
iOS Question iOS device unique identifer
Replies
3
Views
1K
Biswajit
Biswajit
F
  • Article
iOS Tutorial Dummies Guide to Getting Started with B4i
Replies
1
Views
8K
aminoacid
aminoacid
DactilPlus
  • Question
iOS Question Bundle identifier is missing. B4iProject doesn't have a bundle identifier for the Release (solved)
Replies
8
Views
6K
DactilPlus
DactilPlus
D
  • Question
iOS Question Something wrong With Bundle Identifier
Replies
0
Views
2K
deyan666
D
Top