
Identifying an Android device / an installation (without physical ID)

Developer https://www.devze.com 2023-03-29 06:04 Source: Internet

The problem:

In one of my Android apps, users should be allowed to make changes to text data on my server (via HTTP request) without being required to login or sign up.

In order to prevent spam and abuse of this function, I would like to identify a single installation of my app so that I can "ban" this installation. Of course, the user who is abusing my service could uninstall the app and download it again or something like that. But this is truly an obstacle and makes abusing the app more difficult.

So I have to find a way to identify an Android device or at least a single installation.

As one can read here or here, the physical device ID of an Android phone is not a good solution. So what else could I do to achieve this?

My idea:

When the app is started for the first time, create an (almost) unique hash (maybe SHA-512) of the current timestamp and a huge random number. Then save this value on internal storage and always use it to identify this device or installation later (on HTTP requests).

What do you think of that solution? Are there any better approaches?

This is almost what the Android Developers Blog suggests, right? But are they really writing to the internal storage? They don't use openFileOutput() as suggested here.

And, at last, a question that is probably a bit stupid:

How can I use the code shown on the Android Developers Blog? Can I add that public class to my main activity .java file?

Thank you very much in advance! :)
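
The scheme proposed in the question (create a random value on first launch, keep it in internal storage, send it with each request), as an added example that is not part of the original post and is not the Android Developers Blog code. The class name `InstallationId` and the file name are assumptions; it draws the ID from `SecureRandom` directly instead of hashing a timestamp, and uses `java.nio.file`, which Android provides from API level 26.

```java
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;
import java.security.SecureRandom;

/** Hypothetical helper: class name and file name are assumptions, not from the post. */
public final class InstallationId {
    private static final String FILE_NAME = "installation_id"; // assumed name
    private static final char[] HEX = "0123456789abcdef".toCharArray();
    private static String cached;

    private InstallationId() {}

    /** On Android, pass context.getFilesDir() so the file stays in app-private storage. */
    public static synchronized String get(File privateDir) throws IOException {
        if (cached != null) return cached;
        File idFile = new File(privateDir, FILE_NAME);
        if (idFile.isFile()) {
            String stored = new String(Files.readAllBytes(idFile.toPath()),
                    StandardCharsets.US_ASCII).trim();
            if (stored.matches("[0-9a-f]{64}")) return cached = stored;
            // Truncated or malformed file: fall through and issue a fresh ID.
        }
        String fresh = newId();
        // Write to a temp file, then rename, so a crash cannot leave a half-written ID.
        File tmp = new File(privateDir, FILE_NAME + ".tmp");
        Files.write(tmp.toPath(), fresh.getBytes(StandardCharsets.US_ASCII));
        Files.move(tmp.toPath(), idFile.toPath(),
                StandardCopyOption.ATOMIC_MOVE, StandardCopyOption.REPLACE_EXISTING);
        return cached = fresh;
    }

    /** 256 bits from the platform CSPRNG; no timestamp or hash step is needed for uniqueness. */
    static String newId() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        StringBuilder sb = new StringBuilder(64);
        for (byte b : raw) sb.append(HEX[(b >> 4) & 0xF]).append(HEX[b & 0xF]);
        return sb.toString();
    }

    public static void main(String[] args) throws IOException {
        File dir = Files.createTempDirectory("iid-demo").toFile(); // stand-in for getFilesDir()
        String first = get(dir);
        cached = null; // simulate a process restart
        System.out.println(first.equals(get(dir)) ? "stable across restarts: " + first : "MISMATCH");
    }
}
```

The value is chosen and sent by the client, so the server should validate its format and use it only as a handle for banning or rate limiting, never as proof of identity.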


In my current Android project, I use the Bluetooth MAC ID as the identifier because of what I read about the physical device ID not being reliable. Of course, my app is very specialized and REQUIRES Bluetooth AND internet anyway, so this works.

Specifically, I have a way of calling my web server from the phone, passing in the Bluetooth MAC ID. I can check license status (for trials/expirations), where you might check against a ban method to see if that ID is banned.

Since my application requires Bluetooth, this worked perfectly for me since [mostly] all Bluetooth MAC IDs should be unique.

Just an idea.
