Reputation: 1916
What alternatives are there to identifying mobile devices without using their IMEI, SerialID, etc.?
Recently I came across an old project for Nokia Asha with app tracking in it.
For every screen accessed by the user a Http request would be made to report to the analytics service and one of the parameters sent was the IMEI in the mobile device.
As far as I know, retrieving information like the IMEI on Windows Phone and iPhone is not permitted but on Android it's still an available function but requires the permission to read the state and identity of the phone which I've been told scare some users.
From what I'm seeing, using this kind of information is being discouraged in which case what alternatives are being more encouraged to implement to identify a device when it comes to analytics services or similar?
Upvotes: 2
Views: 846
Answers (1)
Reputation: 13367
You can use a random ID to identify each client.
Odds: With a 64-bit random ID (using, say, nextLong()), the odds of accidental collision are exceedingly small. You'd need 4 billion clients to get the probability of the first accidental collision up to 1/2. This is plenty good enough for analytics.
Implementation: The server can use Java's SecureRandom to generate the ID and put it in a cookie on the HTTP reply if the HTTP request doesn't already have one. Either way, the analytics would associate that request with that cookie.
If the client is a native app rather than a web app, it will need to store the cookie and attach it to future HTTP requests.
Alternatives: If users need to log in to your app, then you can associate usage with their login ID. Otherwise, generate a token.
There are many reasons to not ask the user for their cellphone number including privacy, reliability, and annoying people. Many potential users will drop out rather than enter their cellphone number, while others will enter something like all ones. A random ID will be more unique.
If you need to do account validation via SMS, then you'll have to ask for a phone number. In that case you'll need a privacy policy, a data retention policy and plan, encrypted storage, you'll have to explain it to users, and cope with a substantial fraction of dropouts.
Even if you don't retain the phone numbers, you could construct a one-way secure hash from it to use for the client ID, but phone numbers get recycled so over the long term, random IDs will be more unique than verified phone numbers.
Upvotes: 1
Related Questions
- is it possible to get a unique identification number from a mobile device?
- Solution for identify mobile devices by mobile browser
- How to uniquely identify android device to track devices
- Best way to ID an Android Device
- Can I uniquely identify a mobile device from a website?
- What is a long-term method I can use to uniquely identify an iOS device?
- Uniquely Identifying a mobile device
- Any way to identify a mobile phone web user other than using a cookie?
- Is there a programmatic way to get a mobile device's unique identifier?
- A unique identifier for cell phone other than IMEI or IMSI?