Results 1 to 7 of 7
  1.    #1  
    Hey, all. Hoping I can get some input on this from someone.

    Basically, I have content I'd like to be able to provide only to someone who has my app installed. User agent string seems far too easy to fake elsewhere. I'd rather not have to have usernames and passwords if I can avoid it. Is it possible for the app to provide some sort of authentication it sends with its request? If so, would that authentication be freely viewable in the source code, thereby making it useless anyway?

    I feel like I had a better way of asking this before I started typing, but it got away from me.

    Please let me know your thoughts on the subject.

    Thank you.
  2. smonme's Avatar
    Posts
    52 Posts
    Global Posts
    59 Global Posts
    #2  
    Quote Originally Posted by websterguy View Post
    Hey, all. Hoping I can get some input on this from someone.

    Basically, I have content I'd like to be able to provide only to someone who has my app installed. User agent string seems far too easy to fake elsewhere. I'd rather not have to have usernames and passwords if I can avoid it. Is it possible for the app to provide some sort of authentication it sends with its request? If so, would that authentication be freely viewable in the source code, thereby making it useless anyway?

    I feel like I had a better way of asking this before I started typing, but it got away from me.

    Please let me know your thoughts on the subject.

    Thank you.

    Is it safe to assume your afraid if you release a app on palm catalog people will just distrubute it for free? so you want the app to authenicate with you and if it isnt validly sold you wanna be to disable or not send updates? I dont quite think that's possible but maybe adding a checksum code that can only be generated upon downloading the app, it also emails the generated code to you so you add to a database of codes accepted and if the app differs then you can stop updates. Just a theory though, i highly doubt there is anything you could do though (look at app store, and just about anything on the web).
  3. jsabo's Avatar
    Posts
    427 Posts
    Global Posts
    479 Global Posts
    #3  
    Public/private key encryption would be the first thing to come to mind, but I'm not sure how you'd be able to hide passwords in the app.

    Next thought is to force each user to email you asking for an activation code, which they manually enter into the app, then use SSL to ensure that the code can't be sniffed. Yes, the person who gets the code can then try to reverse-engineer the communication, but if you see suspicious activity on a particular code, you can turn that code off. But that's basically back to usernames and passwords at that point.
  4. RickNY's Avatar
    Posts
    254 Posts
    Global Posts
    319 Global Posts
    #4  
    Can you tie it to the MAC address of the wi-fi in the phone?
  5. #5  
    MAC address can be manually edited so using it to be a unique ID is not good. I think having some sort of remote authentication is a good way to control things. If the software has to call home to be authenticsted you could use that to determine who gets what.setup unique ranges of ID numbers to control who gets what.
  6. #6  
    What about tying it to the phone's serial number?
  7. #7  
    The device serial number must be the best option, and check if this is a valid ID on the server. You can also check the # of connections for each client to see if they are copying this #.

Posting Permissions