Default Device Identifier in CA Mobile OTP Library
By default, the device locking feature is enabled in CA Mobile OTP libraries with the following default uniqueid:
aatest
How unique is the device identifier that is generated for the device locking in CA Mobile OTP library for Android, iOS and Windows Phone.
By default, the device locking feature is enabled in CA Mobile OTP libraries with the following default uniqueid:
- iOS mobiles use the CFUUID parameter to lock the device.
- Android mobiles use Secure.ANDROID_ID as uniqueid.
- Windows mobiles use Windows.Phone.System.Analytics.HostInformation.PublisherHostId as uniqueid.
When a user uninstalls the app (which uses the CA Mobile OTP library) and reinstalls, is the deviceid the same (used in the first installation) or does deviceid change?
Advanced Authentication
stores CFUUID in key chain which persists even after application uninstall. Application re-installation accesses the same CFUUID. However, the CFUUID is not accessible in the following scenarios:- Do not change keychain access group identifier. By default, an app can only access keychain items with the keychain access group matching the application-identifier code signing entitlement. When the previous version of your app is writing data to the keychain, submitting an app update with the new App ID results in a loss of access to the previous keychain data. The keychain access is only lost after an update to the app.
- User deletes CFUUID from keychain explicitly.
- For iOS, to persist the unique id between instalation and uninstallation, use identifierForVendor which belong to UIDevice class. This identifier is unique per device and per vendor.
- For Windows Phone, Windows.Phone.System.Analytics.HostInformation.PublisherHostId is unique per device and per publisher, which means that no two publishers receive the same value for the same device. This string is generated at time of first application installation from publisher and lasts until user uninstalls last application from the same publisher.
- CA Mobile OTP behavior is consistent for the user accounts with CA Mobile Application across installation and uninstallation. (While uninstalling application, all the accounts gets deleted and after re-installation user credential gets device locked with current PublisherHostId id)
- For Android, Secure.ANDROID_ID is a 64-bit number randomly generated when the user first sets up the device and should remain constant for the lifetime of the users device. The value may change if a factory reset is performed on the device. So, CA Mobile OTP behavior should be consistent for the user accounts CA Mobile Application across installation and un-installation. (While uninstalling application, all the accounts gets deleted and after re-installation user credential gets device locked with current Secure.ANDROID_ID id)
- You can lock an account using non default parameters. To lock an account to a device by custom device locking key, implement custom logic as explained in the following steps:
- Implement the DeviceLock interface to use the custom device locking parameters.
- Invoke the setDeviceLock() method in the API class.
You can also disable the device locking feature by passing a NULL value to the setDeviceLock() method.