Is there a way to validate an iPhone device ID? I want to be able to accept device IDs submitted from iPhone users via HTTP request and validate that they are tied to a legitimate device.
If there's a way to validate the ID, then there's a way to create a real fake ID.
I agree with Tyler's comment: there is a way to create IDs (easy) and to validate them (also easy), but to create a "fake" ID will require scanning the entire keyspace (hard) or stealing the private key that generated the key (that's how TLS in fact works). So my initial comment is not valid.
Nevertheless, this is not how the Apple device ID works; AFAIK they generate the ID from various values of the hardware (MAC address, for example).
To validate that a request came from your app, you could send the UUID and a hash, where hash = SHA1(UUID + SECRET_KEY_STORED_IN_APP). Then do the same hash function on the server side and verify they match. You could also add a timestamp as a nonce, where you'd send UUID, timestamp, hash with hash = SHA1(UUID + SECRET_KEY_STORED_IN_APP + TIMESTAMP).
This is certainly not fail-proof and has many limitations, but it does make it harder to spoof a UUID.
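The server-side check described in the answer above, as an added example that is not part of the original post. It goes beyond the post by adding a freshness window, replay rejection, a constant-time comparison and an HMAC-SHA256 variant; the secret value, the 300-second window, the in-memory cache and all function names are assumptions.

```python
import hashlib
import hmac
import time

# Assumed for this example (not from the post): secret value, window, cache.
SECRET_KEY_STORED_IN_APP = b"constructed-demo-secret"
MAX_SKEW_SECONDS = 300
_seen = {}  # (uuid, timestamp) -> time after which the pair is stale anyway


def post_hash(uuid: str, timestamp: int) -> str:
    """hash = SHA1(UUID + SECRET_KEY_STORED_IN_APP + TIMESTAMP), as in the post."""
    data = uuid.encode() + SECRET_KEY_STORED_IN_APP + str(timestamp).encode()
    return hashlib.sha1(data).hexdigest()


def hmac_tag(uuid: str, timestamp: int) -> str:
    """Same inputs through HMAC-SHA256, the standard keyed-hash construction.
    The '|' separator keeps (uuid, timestamp) boundaries unambiguous."""
    msg = f"{uuid}|{timestamp}".encode()
    return hmac.new(SECRET_KEY_STORED_IN_APP, msg, hashlib.sha256).hexdigest()


def verify(uuid, timestamp, tag, now=None, make_tag=post_hash) -> str:
    """Return 'ok' or the reason the request is rejected.
    A pass only shows the sender holds the secret shipped inside the app."""
    now = int(time.time()) if now is None else now
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return "stale"
    # Constant-time comparison avoids leaking how many characters matched.
    expected = make_tag(uuid, timestamp).encode()
    if not hmac.compare_digest(expected, tag.encode()):
        return "bad-hash"
    # Drop expired entries, then refuse a (uuid, timestamp) pair seen before.
    for key in [k for k, exp in _seen.items() if exp < now]:
        del _seen[key]
    if (uuid, timestamp) in _seen:
        return "replay"
    _seen[(uuid, timestamp)] = timestamp + MAX_SKEW_SECONDS
    return "ok"
```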