security - Authentication scheme for an Android application: When the SIM card is locked or exhanged by another, the app stops working -

-

i need implement convenient way determine, whether mobile app being used valid customer or not. customers told me if lose mobile phone, contact operator , lock sim card.

so, seems natural bind authentication sim card validity (the app works long correct sim present , not locked). then, in case of loss customer needs lock sim card, or anyway (because internet banks send sms approving transactions mobile phone).

i tried read sim-card related data, works on phones , not on others (sometimes empty strings instead of imei number).

how can implement authentication mechanism, is

  1. easy user (does not require user generate/enter new password),
  2. provides app information whether inserted sim card
    1. the same sim there @ first start of application and
    2. not locked?

if it's impossible, authentication alternatives there (apart e-mail/password , phone number sms confirmation) ?

update 1 (11.08.2013 14:17 msk): 1 obvious solution use phone number login name , server-generated 6-digits number password.

then, authentication work this:

  1. at first run, user enters or mobile phone number.
  2. the server sends him or message (sms) 6-digit password.
  3. the user enters password , app starts work.
  4. in regular intervals app asks user renew password (new passwords delivered via sms well).

what think option?

can improved somehow?

if lock app sim properties , requires properties presented unlocking app, have thought store properties in app (hard coded, database, file, preferences,...)? or thinking contact server verification? both way, may end in complex solution possible security flaws. sim serial number unique @ same time public, can't rely on property lock app.

telephonymanager class gateway accessing sim properties( class exposes users privacy in number of ways). of now, there no android crypro api exposed perform cryptographic operations in sim. but, since customer can contact operator, may consider ask operator sign app. in case, may have way use sim card secure element. there discussion on this thread. pin code based limited number of attempts way implement simple authentication accessing app. may implement @ application layer without involving sim card.

hope helps.


Comments

Post a Comment

Popular posts from this blog

css - Which browser returns the correct result for getBoundingClientRect of an SVG element? -

-
this svg contains rect overflows svg element: <svg id='svg' width='10' height='10'> <rect x='-10' y='-10' width='30' height='30'/> </svg> chrome 28 , opera 12 return getboundingclientrect() svg element width , height of 10. firefox 23 reports width , height of 30. correct? jsfiddle the relevant spec cssom , delegates svg spec if svg element not "have associated css layout box". haven't found definition of "having associated css layout box", correct result seem hinge on definition, getbbox returns 30x30 rect in browsers. this firefox bug fixed now, fix in firefox nightlies , should make through firefox 33 released on 14 october 2014. see bug 530985 details.
Read more

gcc - Calling fftR4() in c from assembly -

-
i trying asm fft implementation www.embeddedsignals.com work. running make gives error: undefined reference fftr4(short*, short*, int) at top of asm have .syntax unified .thumb .global fftr4 .type fftr4, %function and there #define's associate c functions arguments registers followed macros fftr4 function uses. after that, fftr4 called .thumb_func fftr4: stmfd sp!, {r4-r11, lr} mov tmp0, #0 // bit reversed counter mov tmp1, #0 .word 0xf3a2fa92 //rbit r3,r2 //rbit r,n lsl r,#3 and c code follows: void fftr4(short *y, short *x, int n); short x[512]; short y[512]; int i; void loop() { (i=0;i<512;i++) x[i]=0; (i=0;i<512;i=i+8) { x[i+0]=16384; x[i+2]=16384; x[i+4]=-16384; x[i+6]=-16384;} fftr4(y, x, 256); serialusb.println(y[128]); serialusb.println(y[129]); serialusb.println(y[384]); serialusb.println(y[385]); // expected results: //y[128]is 8191; y[129] -8190 y[
Read more

Function that returns a formatted array in VBA -

-
i have function prints excel data text file in array format following: [ ['id', 'label', 'longitude', 'latitude', 'country', 'region', 'ttl_wt_flw_thru', 'sum-of-bol-wt', 'count of wdr_ref', 'ratio'], ['aeauh', 'abu dhabi, united arab emirates', 54.3666667, 24.4666667, 'ae', 'eame', 66, 30, 8432, 281.066666666667], ['aedxb', 'dubai, united arab emirates', 55.307485, 25.271139, 'ae', 'eame', 682, 3, 8369, 2789.66666666667] ] my code writing array is: function fillsourcearray() dim long, j long, s string dim lastrow double dim s1 string 'opens file filepath = filepath & "dataarray" & ".txt" open filepath output #1 'read source data dataarray = sheets("nodes").cells(1).currentregion.value 'determine lastrow lastrow = sheets("nodes").range
Read more