How to make a unique token or ID for each Android phone, and where to save it?

Posted on 2025-01-22 13:19:34 · 406 words · 1 view · 0 comments

I'm working on a security scenario for an Android application to prevent users from sending unwanted/spam or multiple requests.

These users are unregistered and, as you know, one way to detect them is by checking the IP addresses, but the problem is that the public IP addresses will change. Users can turn the modem on/off (as an example) to get a new public IP address, or can install/uninstall the app to refresh everything and start sending unwanted requests to the server.

I want to make something like a token and store it on the phone, so that it will be sent with their requests, and on the server side we can detect which phone/user these requests come from and handle the security issues.

This token or ID must have these features:

  1. Access to it (deleting) should be impossible or hard for normal people (not for hackers, I know it's impossible)
  2. If the app has been uninstalled/installed, Android OS doesn't remove it

Is it possible?

Is there a better solution to handle this?


Comments (1)

飘然心甜 2025-01-29 13:19:34

The Android developer docs have a good article on available user IDs. Getting the second property will be difficult because Android has been pushing for resettable IDs for user privacy. The Firebase installation ID (FID) is close, but you don't get #2. You can also use SafetyNet APIs to see if the app is genuine and then build rate limiting on the client or server side.
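A sketch of the server-side rate limiting the answer mentions, as an added example that is not part of the original answer: the server hands each install a signed ID, throttles requests per ID, and separately throttles how many new IDs one IP may obtain, so a reinstall that resets the ID still hits a limit. All names (`Gate`, `issue_token`, the limits, the sample IPs) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed here; keep in a secret store

def _sign(install_id, key):
    return hmac.new(key, install_id.encode(), hashlib.sha256).hexdigest()

def issue_token(key=SERVER_KEY):
    """Mint a random install ID and sign it so clients cannot forge IDs."""
    install_id = secrets.token_hex(16)
    return f"{install_id}.{_sign(install_id, key)}"

def verify_token(token, key=SERVER_KEY):
    """Return the install ID if the signature checks out, else None."""
    install_id, sep, tag = token.partition(".")
    if not sep:
        return None
    ok = hmac.compare_digest(tag.encode(), _sign(install_id, key).encode())
    return install_id if ok else None

class TokenBucket:
    """Per-key token bucket; the caller passes the clock for testability."""
    def __init__(self, capacity, refill_per_sec):
        self.capacity, self.rate = capacity, refill_per_sec
        self.state = {}  # key -> (tokens left, time last seen)

    def allow(self, key, now):
        tokens, last = self.state.get(key, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        ok = tokens >= 1
        self.state[key] = (tokens - 1 if ok else tokens, now)
        return ok

class Gate:
    def __init__(self):
        # Hypothetical limits: 5-request burst per install, 2 new IDs per IP.
        self.requests = TokenBucket(capacity=5, refill_per_sec=1.0)
        self.mints = TokenBucket(capacity=2, refill_per_sec=1 / 3600)

    def register(self, ip, now):
        """First launch or reinstall: issue an ID unless this IP mints too often."""
        return issue_token() if self.mints.allow(ip, now) else None

    def handle(self, token, now):
        """Accept a request only with a valid signed ID that is under its limit."""
        install_id = verify_token(token)
        return install_id is not None and self.requests.allow(install_id, now)
```

A client that also changes its IP gets a fresh mint budget, so `register` is the place to require an app attestation verdict (the SafetyNet check the answer suggests) before issuing an ID.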
