How to uniquely identify a mobile device - asp.net - mobile

I am trying to log certain actions of users in my database, and I need to retrieve the same actions once the user gets back to my site (unable to support cookies) after a few days, is there a way I can get any mobile device's ID and use that as a unique identifier?
The solution needs to be applicable for iPhone,iPad,iPod,Android,Nokia and other mobile devices.

Related

How do I authenticate users of a web-app to access GCP data relevant only to them?

I have spent 3 days researching this problem and cannot find a solution or similar use case that shows how to solve the problem, so any pointers would be greatly appreciated.
I am creating a web-app that uses Google Cloud Storage and Bigquery. A user registers on the web app and then can upload data to Cloud Storage and Big Query. Two users could be from the same company and therefore should be able to view the same data - i.e. Jack and Jill work for company A and if Jack uploads a massive dataset via this app, Jill should also be able to view it later.
Another scenario will be I have two completely separate clients with users using this web-app. If users from Company A upload data, users from Company B should not be able to view Company A's data, and vice versa. But users from the same company should be able to view the data within their company.
Currently, I have an app that works for a single company. This has a React front-end that uses Firebase for authentication. Once the user is logged in, they can use the app which sends off API calls to a Flask back-end that does some error checking and authentication checking and then fires off an API call to GCP. This uses a service account and the key is loaded as an environment variable in the environment in which the Flask app is running.
However, if Company B want to use the app now, both Company A and Company B will be able to see each other's data and visualize it through the app. In addition, they will be sharing a project (I would like to change this to allocate billing more easily to have each client have their own project).
I ultimately want to get this app onto Kubernetes and ensure that each company is independent of each other, however, do not want to have to have separate URL's for every company using the app. Also, I want to abstract GCP away from the client. I would prefer to authenticate a user based on their login credentials and then they will be given access to their GCP project (via my front-end) accordingly.
I thought about perhaps having separate service keys for each client and then storing the service key info in Firebase, while using the respective keys for API calls but not sure this is best practice. It is however the only strategy I can think of.
If anyone could provide some help or guidance it would be very much appreciated. This is my first GCP project and have not been able to find any answers on GCP, SO, Google Groups, Slack or Medium.
Thanks,
TJ
First if all, welcome on GCP! It's an awesome platform, very powerful and flexible. But not magic.
Indeed, the use case that you describe is specific to your business logic. GCP provides told for securing access for user and VM(through service account) but not for customer. Here you have to implement your own custom and authorisation logic, with a database (I don't recommend bigquery for website, the latency is too high) to list three users, the companies where they work, the blobs of each company...
Nothing is magic and your use case specific.
If you want to discuss more about which component to use and to start, no problem. Let a comment.

Serving ads to a specific device using mobile ad network

Is it possible to serve specific ads that will appear on a specific user's mobile phone when he is using a specific app? Is the user's IMEI required for this? (This is when you are not the owner of the APP)
Thanks!
Targeting a specific user
Here's a couple of quotes from DoubleClick AdExchange Buyer help page
IDFA (Identifier For Advertising) on iOS
Every iOS device comes with an identifier that allows developers and
marketers to track activity for advertising purposes. It may be used
by advertisers to run remarketing campaigns and record purchasing or
downloading conversions.
AAID (Google Advertising ID) on Android
Inventory bid requests from Android devices pass the AAID, which
provides the same type of device-specific, unique, resettable ID for
advertising as the IDFA. The ID for tablet devices with multiple users
may also be unique per user.
Targeting a specific app
Check out section 3.2.9. the OpenRTB spec, there's an App object
This object should be included if the ad supported content is a
non-browser application (typically in mobile) as opposed to a website.
A bid request must not contain both an App and a Site object. At a
minimum, it is useful to provide an App ID or bundle, but this is not
strictly required.

Is that good approach to embed OTP (one time password) algorithm into Enterprise mobile apps to support offline capability?

UPDATED: We are building Mobile apps on Windows, IOS & Android platform to generate OTP (one time password) for a regulated system. The system will prompt challenge phrase when user attempt to login and the displayed challenge need to be keyed into mobile App to generate the OTP. The generated OTP is then entered back into System to successfully login.
So far the requirements for mobile OTP generate app is good as we can expose a service to generate OTP with required security.
But, we have a wired requirement to support the same feature with offline capability where mobile has no internet connectivity. The only choice we know is to embed the OTP algorithm & key into app and apply suitable security mechanism. Algorithm is custom built propitiatory algorithm and without compromising security we need to achieve the offline capability. Is that a good approach to embed algorithm & key into app to enable offline capability? What is the recommended solution.
I have no idea what you mean by "Enterprise will expose API".
But, you will need something tied to the physical phone device, like the SIM module (i.e. the phone number) or an app with secure/private storage for two-factor to work.
An API exposed on the internet, without a strong link to the authentication token (phone), is not secure.
So, I guess the only answer is: Yes, you should implement the "OTP algorithm" in the app. The app must store the shared secret in a private storage that is not (easily) accessible to other apps. Then, depending on the kind of OTP, you need to provide some means of synchronization between the app and the server. For Google's Authenticator this is just establishing a common timebase because the "OTP" is not strictly one-time but changes (only) depending on the current date+time; hence the current time becomes the "challenge" the server implicitly poses for the client to return the correct response. The good thing is that you don't need access to the internet to know the current time in your app. You only need to synchronize the timebase now and then to make sure the clock in your app does not differ too much from the server's.
The server could instead also send an explicit challenge, like a sequential number. This challenge would be displayed to the user attempting to log-in, the user would have to type the number into the app and return the app's answer to the server.
Many more options are available, but the bottom line is: To provide reasonable security, the OTP must be calculated on the phone.

Corona Mobile App Storage Solutions

I am currently developing a mobile app using the Corona SDK and Lua. I need to store information about each user and load the information for the current user when they load the app. What is the best method to store this information for each user, and how would I get this data on app load. I was thinking about using sqlLite and having a single row for each user. However when the user re loads the app I would have no way of accessing the data for the current user because when the app loads I would need something to index the database. Is there any way I can get some information from the mobile device on app load to index the database? Any ideas or suggestions?
I'm not clear on where the database is stored.
If it's remote on a server just use the device ID
system.getInfo( "deviceID")
If it's local and you have multiple local users then use a login.
You could use a registration process for either instance and store
The registration keys for automatic access when launching the app.
take a look at amazon's services.
like S3,simpleDB, dynamoDB..
Some implementations are already available in Code Exchange
http://developer.anscamobile.com/code/amazon-simpledb-api
http://developer.anscamobile.com/code/amazon-s3-rest-api-implementation-corona

Adding Instant Messaging (possibly XMPP) to my website on AppEngine (without using Google Login IDs)

I have developed a dating website built on top of the Google App Engine, to which I would like to add instant messaging, and possibly/probably audio and video conferencing.
Given that the users on the website do not want to share their personal details or real contact information, I am handling all of the login information and sessions without assuming that the clients have (or even want) a google account ID or any other login that is associated with their real identity.
I would like to hear suggestions on how I could go about adding instant messaging to my website given that I cannot just directly access Google Talk or some other existing service.
Would it make sense to use XMPP for this, and if so will Google Talk or any other XMPP service provider allow me to register new user accounts without manual intervention (ie. after a user is registered on my site, automatically register them with the XMPP provider)? Or, if not, perhaps I can use a single google ID with Google Talk with a different resource identifier for each user (me#google.com/user1, me#google.com/user2, etc...), and send messages between the different resources? Could this work, and/or would having thousands of simultaneous connections to a single account get me banned from Google Talk?
Perhaps some kind of AJAX based solution might make more sense given the fact that users are already registered on my website, but are not registered for an XMPP service?
Any suggestions about how I might approach this problem would be greatly appreciated.
Kind Regards
-Alexander
Text chat is the easier problem. You can do either with or without XMPP. Without XMPP, you'll be building a Facebook chat type client on your pages that sends messages from each user to the app, and the app then shows then on the recipient's screen.(The client can be polling, or use comet when it comes out). Check out olark to see how this works.
Once you build code to use the app as a switchboard that routes the correct message to the correct person (anonymously, maybe), you can port this easily to XMPP if you require. Both parties add you.dating.site#appspotchat.com to their buddy lists, and you send all messages from girl#site.com to guy#site.com and vice-versa. (assuming a heterogeneous site.)
Audio and video, I have no clue how to do without sharing details between the parties :-/

Resources