iphone registration and authentication pattern

Question

Hi

I am looking for a stable (and Apple compliant) registration and authentication design pattern between an iphone device and a server. Ideally the registration and authentication would not involve the user and be a background process.

So far I've found 3 primitives for doing components of this:

1. UDID
2. UUID
3. SBFormattedPhoneNumber

UDID method

 [[UIDevice currentDevice] uniqueIdentifier]

    where @property (nonatomic, readonly, retain) NSString *uniqueIdentifier

uniqueIdentifier is a string unique to each device based on various hardware details. (read-only)

A unique device identifier is a hash value composed from various hardware identifiers such as the device’s serial number. It is guaranteed to be unique for every device but cannot publically be tied to a user account. You can use it, for example, to store high scores for a game in a central server or to control access to registered products. The unique device identifier is sometimes referred to by its abbreviation UDID. We can get UDID from iTunes manually for checking

Not sure what "cannot publically be tied to a user account" means.

UUID method

NSString *uuid = nil;
CFUUID theUUID = CFUUIDCreate(kCFAllocatorDefault);
if (theUUID) {
  uuid = NSMakeCollectable(CFUUIDCreateString(kCFAllocatorDefault, theUUID);
  CFRelease(theUUID);
}

CFUUIDCreate creates a Universally Unique Identifier (UUID) object. UUID object is different every time CFUUIDCreate is invoked. Therefore we need to generate it on first launch and then save it to your preferences using NSUserDefaults. The downside to this is that if the app is deleted and reinstalled or if the device is restored from backup, you'll lose the saved UUID and things won't be recognized as from the same device.

SBFormattedPhoneNumber

NSString *num = [[NSUserDefaults standardUserDefaults] stringForKey:@”SBFormattedPhoneNumber”];
NSLog(@”Phone Number: %@”, num);

The number returned by this code snippit is the number that is set up in iTunes for the device. If you didn’t enter the iPhone’s in iTunes at device activation, or perhaps [as in my case] if the default value wasn’t the iPhone’s number and you clicked OK anyway, such that iTunes doesn’t list the phone number when your iPhone is plugged in, this code will return a null string.

"For security reasons, iPhone OS restricts an application (including its preferences and data) to a unique location in the file system. This restriction is part of the security feature known as the application's "sandbox." The sandbox is a set of fine-grained controls limiting an application's access to files, preferences, network resources, hardware, and so on."

The device's phone number is not available within your application's container. You will need to revise your application to read only within your directory container and resubmit your binary to iTunes Connect in order for your application to be reconsidered for the App Store.

thank you in advance for your help.

peyman

Answer 1

Apple recommends using the UDID method as you found yourself. It is unique and stable for each device. Besides it's very easy to handle. Cannot be publically be tied to a user account means that you are not able to get the users iTunes account based on it which adds to the security of using this method.

The UUID will change every time you generate it. You will therefore have to store it yourself between runs of the application.

Phone number is not very stable as it can be changed by the user. Additionally it will be considered breach of the users private data to retrieve, store and transfer it.

So I would strongly recommend going for the UDID method.