在iOS中唯一标识设备

Question

I am developing a corporate application on the iPad for a certain business requirement. This app is meant to use in a specific number of devices which is predefined by the admin.

But I also need the application to reject any login requests even if it is from an authorised user,when he or she is using a device which is not defined by the admin.

Edits:

Say I have 2 devices and I have my credentials to login to the app, And my need is, to restrict the login from the devices which is not mine. For that I have to identify whether the login request is comes from my device or not.

Previously we could use device UDID to do this, but now it is deprecated.

Can any one please suggest a method to implement this ?

Answer 1

try this. for more info check UIDevice

// IOS 6+
    NSString *uniqueIdentifier = [[NSString alloc] initWithString:[[[UIDevice currentDevice] identifierForVendor] UUIDString]];

Answer 2

You can use iCloud over here because UUID has been deprecated and vendorId is uniqe but might be change if you uninstall the app and install it agian,

So I would suggest iCloud will be safer, what you cna do is at the time of application launch you can generate one token which is unique and save it to your iCloud data storage along with user credentials,

So from the next time onwards when user will try to login you can check it with iCloud.

Answer 3

How about using Apple's enterprise distribution system? That will allow you to deploy the app to a corporation, and have tight access control.

https://developer.apple.com/programs/ios/enterprise/

Answer 4

Just Trick:

You can Implement APNS code to your Project and Get Device Token.

The Device Token is Unique One. But The user Must Allow the APNS.

Note: APNS Device Token is changed to Following reasons.

1. Change of Bundle id.
2. Change of Development Mode(Sandbox/Production)

Answer 5

I have implemented a solution for exactly your problem, The best solution (and Apples recommended route) is to create a UUID unique to your App like this:

    NSString *uuidString = nil;
    CFUUIDRef uuid = CFUUIDCreate(NULL);
    if (uuid) {
        uuidString = (NSString *)CFBridgingRelease(CFUUIDCreateString(NULL, uuid));
        CFRelease(uuid);
    }

Then, and this is the key, you can store that to the iOS keychain (Handy classes here: https://github.com/lukef/IXKeychain ) and values in the iOS keychain are NOT removed when the user uninstalls the App, so you can persist your own UUID through App installs which is a key part of managing a specific number of devices against a user account.

Answer 6

This method will return a string for every device. Since it is gonna change every time for single device so we are storing it in a keychain and can refer it whenever we need it.

+ (NSString *) uniqueDeviceIdentifier
  {

    NSString *deviceUUID = [[SGKeyChain defaultKeyChain] stringForKey:@"uniqueId"];

        if (!deviceUUID) {

            if (!deviceUUID.length) {

        NSString *deviceUUID = @"";

        CFUUIDRef uuidRef = CFUUIDCreate(NULL);

        CFStringRef uuidStringRef = CFUUIDCreateString(NULL, uuidRef);

        CFRelease(uuidRef);

         deviceUUID = [NSString stringWithFormat:@"%@",[NSString stringWithString:(__bridge_transfer NSString *)uuidStringRef]];

    [[SGKeyChain defaultKeyChain] setObject:deviceUUID forKey:@"uniqueId" accessibleAttribute:kSecAttrAccessibleAlways];

        }
    }       
        return deviceUUID;
    }

yo can refer to this repository... https://github.com/sgup77/SGKeyChainWrapper for SGKeyChain implementation

Answer 7

Ok I will share the approach that we follow for a B2B enterprise app. .

Every User has login Id and Password.

1. So user register his device with Server using deviceReg API which takes clientDeviceId as param(client generated uuid) along with username and pass.

2. Server returns a server generated unique identifier to be used by application on that particular device.

Conclude - in this way you can restrict the user with a certain device.

You can use below method to generate deviceSpecific client UUID

- (NSString *)getUuid
{
    CFUUIDRef uuidRef = CFUUIDCreate(NULL);
    CFStringRef uuidStringRef = CFUUIDCreateString(NULL, uuidRef);
    CFRelease(uuidRef);
    NSString *uuid = [NSString stringWithString:(__bridge NSString *)uuidStringRef];
    CFRelease(uuidStringRef);
    return uuid;
}

Please note: I remove the explanation about using AuthKey, AccessToken and others which we use for security purpose as you do not use any auth server.

I hope it helps.

Update 1.

Since you are having an enterprise application so i am sure you would be having atleast the user e-mail ids.

So the account manager should than 1st send a email with one time token to all active accounts.

This token can be requested by the application while registering the device and send to server for validation.

Also the server invalidates the token once used to avoid misuge.

There should be a migrAtion api which uses the server generated device id and a migration token if user migrates the device.