Uniquely identify iPhone device with UUID

I have done a lot of research to find a solution on how to uniquely identify an iPhone device. If the user goes to General > Reset > Erase All Content and Settings, even if I use the Keychain to store the UUID and store it in a back-end server, I will no longer be able to identify that user's device.

The last solution I have found is the framework DeviceCheck. Does anyone have experience with it and can tell me if, after the user wipes his device, the mechanism of token generation with a server-to-server API provided by this framework could help me to solve this issue? Or is it the same as the Keychain road, where you can't save data persistently after the user has done a wipe of the device?

Usage of UDID on iOS has security and privacy issues. Apps that use UDID can expose data of the previous owner to the new owner, which is a big issue. Because of this, Apple removed developer access to UDID. Trying to uniquely identify an iOS device is playing with fire with Apple's App Store review process. At any time the app can be banned.

Quote from Secure Mobile Development Best Practices (Limit Use of UDID)

Details

Most mobile devices have a unique ID, also called a Universal Unique Identifier (UUID), assigned at the time of manufacture for identification purposes. For example, iOS devices are assigned what's called a Unique Device Identifier (UDID). The ability to uniquely identify a device is often important to procure, manage and secure data. Developers quickly adopted the UUID and UDID for device identification, which resulted in it becoming a foundation of security for many systems.

Unfortunately, this approach brings with it several privacy and security issues. First, many online systems have connected the UUID of a device to an individual user to enable tracking across applications even when the user is not logged in to the app. This advanced ability to track a user has become a major privacy concern.

Beyond that, apps which identify a person through the UUID risk exposing the data of a device's previous owner to a new owner. In one instance, after re-setting an iPhone, we gained access to the prior user's account for an online music service even though all user data had been erased. Not only is this a privacy issue, it's a security threat because an attacker could fake a UUID.

Apple has recognized both the privacy and security risks of iOS's UDID and removed developer access to it. With the UDID out of reach, some developers apply other device-identification methods involving the MAC address of the wireless network interface or OpenUDID. These methods have now been banned at the system/API level and are also flagged and rejected as part of the AppStore review process.

REMEDIATION

We recommend that developers avoid using any device-provided identifier to identify the device, especially if it's integral to an implementation of device authentication. Instead, we recommend the creation of an app-unique "device factor" at the time of registration, installation, or first execution. This app-unique device factor in combination with user authentication can then be required to create a session. The device factor could also be used as an additional factor in an encryption routine.

Since it is not relying on predictable, device-supplied data, exploitation becomes more difficult. By leveraging a challenge-response approach, the server and device can authenticate each other prior to user authentication. To gain system access an attacker would have to exploit both factors. Developers can also implement a feature where the device factor is reset on the client or server side, forcing a more stringent re-authentication of the user and device.

To protect user privacy while preserving advertising capabilities, Apple recommends using the advertisingIdentifier - a unique identifier shared across all apps in the system. A person can reset the advertisingIdentifier on their device at any time in the Settings -> Privacy -> Advertising menu.
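The app-unique device factor and challenge-response flow described in the remediation above, sketched as an added example that is not part of the original answer or the quoted guide. It shows both sides in one Python file; the names `Server`, `mac` and `device_respond`, the HMAC-SHA256 construction and the nonce sizes are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Server:
    """Keeps one random device factor per (user, installation)."""

    def __init__(self):
        self.factors = {}   # (user, install_id) -> 32-byte secret
        self.pending = {}   # (user, install_id) -> outstanding server nonce

    def register(self, user, install_id):
        # Run once after a full user login. The factor is random, not derived
        # from any device-supplied identifier, so it dies with a device wipe.
        factor = secrets.token_bytes(32)
        self.factors[(user, install_id)] = factor
        return factor

    def challenge(self, user, install_id):
        nonce = secrets.token_bytes(16)
        self.pending[(user, install_id)] = nonce
        return nonce

    def verify(self, user, install_id, client_nonce, client_mac):
        key = (user, install_id)
        nonce = self.pending.pop(key, None)   # single use, so replays fail
        factor = self.factors.get(key)
        if nonce is None or factor is None:
            return None
        expected = mac(factor, b"client", nonce, client_nonce)
        if not hmac.compare_digest(expected, client_mac):
            return None
        # The server proves it knows the factor too (mutual authentication).
        return mac(factor, b"server", client_nonce, nonce)

    def reset(self, user, install_id):
        # Server-side reset: the installation must register again.
        self.factors.pop((user, install_id), None)


def mac(factor, role, first, second):
    # Role label and fixed-size nonces keep the two directions distinct.
    return hmac.new(factor, role + first + second, hashlib.sha256).digest()


def device_respond(factor, server_nonce):
    client_nonce = secrets.token_bytes(16)
    return client_nonce, mac(factor, b"client", server_nonce, client_nonce)
```

On the device, the value returned by `verify` is compared against `mac(factor, b"server", client_nonce, server_nonce)` before the user's credentials are sent.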

==> I like this question. You want to (IMEI+YourID) to create new ID. This ID store and back to open again compare with this formula.

Note: Apple does not allow IMEI number use.
