Android Question How I can do this authentication?

LucaMs

Expert
Licensed User
Longtime User
Problem: identify and authorize a user of my app connected to my server.

Some considerations which I have done.

Users do not like to give his email.

I would like that the user could start the app and, if it were not the first start ever, could directly access the Server (a game on the Server).

I could use a UUID created from the app, but there is not a way to save it without the risk of it being deleted. In addition, there is no absolute certainty of always getting a different UUID (if my app was installed on 100 million devices? Since it will not be free, I shall become quite rich, but that's another story ).

In addition, an attacker could send the UUID randomly. The server, receiving this UUID and not finding it in the relative DB, should consider the user as a new user and accept and store the UUID.

I do not find the ideal solution, especially from the point of view of safety.
 
Sort by date Sort by votes

LucaMs

Expert
Licensed User
Longtime User
Erel said:
You can find an almost unique id with the method described here: Android Device Unique ID - Alternative to PhoneId

You can also let the user register on your server, with or without a server.
Click to expand...

I read that thread (it contains also the objection that when an app is reinstalled the DirInternal is cleared). In fact, I had tried a random number but long, for which I had opened a thread.

This seems like a quiz:
"You can also let the user register on your server, with or without a server"



Briefly, the problems are two:

1) the device does not have a place in which you can save data (UUID or AppID-RND number) that will not be deleted;
2) to whom I must send that AppID (perhaps I should say "how")


Do you think that Google will allow that my app is free but it requires a payment (through PayPal, for example) in order for it to be activated?
In this way I would send the AppID to a person who actually has my app installed on his device.



Well, if anyone has the solution ... I'm here


Thank you
 
Upvote 0

LucaMs

Expert
Licensed User
Longtime User


The first thing I thought was:

The app, during the first start ever, creates a random code (IDKey long) and sends it to the server along with a nickname chosen by the user.

The server can not find the IDKey then inserts it. The server checks the uniqueness of Nick; if necessary, the server asks the client to another nick.

But an attacker could send a IDKey and a nick without having my app.

In addition, the client should store the IDKey somewhere, but there are places indelible.



I did not understand your answer.

But for now I omit this part, otherwise lead me in a mental hospital
 
Upvote 0
You must log in or register to reply here.

Similar Threads

  • Question
Android Question Unable to integrate with Google Authenticator app
Replies
1
Views
250
toby
  • Question
Android Question SimpleMediaManager - how to authenticate url?
Replies
2
Views
532
andyr00d
  • Question
Android Question How to Authenticate only Android user to visit web site
2
Replies
26
Views
3K
cenyu
J
  • Question
Android Question Problem with FirebaseAuth - Authenticate your users. Please help
Replies
12
Views
4K
jvrh_1
J
  • Article
B4A Library Firebase UI Auth - a new Dimension in Authentication
2 3
Replies
44
Views
18K
mmieher
Menu
Log in
Register
Cookies are required to use this site. You must accept them to continue using the site. Learn more…