Device IMEI locking for tablets

Published 2019-03-01 09:22

Question:

In my application I used to lock the application with the IMEI code. I mean that during startup the application checks the device IMEI and compares it with a list of allowed devices. If the device is in the list the user can continue to work, otherwise it bails out:

import android.app.Activity;
import android.content.Context;
import android.telephony.TelephonyManager;
import android.util.Log;
import android.widget.Toast;

// TAG, MessageBox, Checker and R.array.imeis belong to the poster's project.
public boolean checkIMEI(Activity activity)
{
    TelephonyManager tm = (TelephonyManager) activity.getSystemService(Context.TELEPHONY_SERVICE);
    if (tm == null)
    {
        Log.v(TAG, "Can't get telephony service");
        new MessageBox(activity, "Can't get telephony service. Forcing shut down!");
        return false;
    }
    // encrypted IMEIs list
    String[] vals = activity.getResources().getStringArray(R.array.imeis);
    // real device IMEI; null on devices without telephony hardware
    String deviceId = tm.getDeviceId();
    if (deviceId == null || deviceId.length() < 2)
    {
        Log.v(TAG, "Looks like emulator - bail out!");
        // Toast durations must be LENGTH_SHORT or LENGTH_LONG, not milliseconds
        Toast.makeText(activity, "This special version not intended to run in this device!", Toast.LENGTH_LONG).show();
        return false;
    }
    boolean valid = false;
    for (String val : vals)
    {
        String imei = Checker.decryptTemp(val); // decrypt IMEIs
        if (imei.equalsIgnoreCase(deviceId))
        {
            valid = true;
            break;
        }
    }
    if (!valid)
    {
        Log.v(TAG, "Invalid device IMEI!");
        return false;
    }
    return true;
}

The problem is with Android tablets not equipped with telephony service. These devices don't have an IMEI. Which ID should I rely upon? MAC address or something else? Also, each time I need to ask prospective users to send me their device ID... How can they do it?
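An added example, not part of the original question: the same allowlist check restructured so the app ships SHA-256 digests of permitted IDs instead of decryptable values, and reports a missing identifier (the tablet case) separately from a mismatch. It is plain Java; the class name, the result enum and the sample IDs are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

// Hypothetical helper (added example): allowlist of device-ID digests.
public class DeviceAllowlist {
    public enum Result { ALLOWED, DENIED, NO_IDENTIFIER }

    private final List<byte[]> allowedDigests;

    public DeviceAllowlist(List<byte[]> allowedDigests) {
        this.allowedDigests = allowedDigests;
    }

    // Digests keep raw IDs out of the APK resources; they do not make the
    // IDs secret against offline guessing, since the IMEI space is small.
    static byte[] digest(String deviceId) {
        try {
            // Lower-case first so matching stays case-insensitive.
            String norm = deviceId.trim().toLowerCase(Locale.ROOT);
            return MessageDigest.getInstance("SHA-256")
                    .digest(norm.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    public Result check(String deviceId) {
        // Devices without telephony report no ID: surface that explicitly.
        if (deviceId == null || deviceId.trim().length() < 2) {
            return Result.NO_IDENTIFIER;
        }
        byte[] actual = digest(deviceId);
        boolean match = false;
        for (byte[] allowed : allowedDigests) {
            match |= MessageDigest.isEqual(allowed, actual); // no early exit
        }
        return match ? Result.ALLOWED : Result.DENIED;
    }

    public static void main(String[] args) {
        // Constructed sample IDs, not real IMEIs.
        DeviceAllowlist list = new DeviceAllowlist(Arrays.asList(digest("000000000000001")));
        System.out.println(list.check("000000000000001"));
        System.out.println(list.check("000000000000002"));
        System.out.println(list.check(null));
    }
}
```

Like the original, this check runs on the client, so it shares the limitation raised in the first answer below.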

Answer 1:

If the user is savvy enough to run your APK in the simulator, he's savvy enough to decompile it and remove your check.

Moreover, if I were you, I would go for offering more functionality to registered and logged-in users, rather than trying to prevent unregistered users from launching your application. Nothing is more annoying than an application that dysfunctions due to such a security feature (think Steam or Windows Live or Ubisoft's infamous denial-of-play-for-paying-users). It only pushes people to pirate your application.



Answer 2:

As I wrote here, it is not a good idea to use the IMEI to identify a certain device.



Answer 3:

An IMEI check could be a good idea if offered exclusively for phones, using phone functionality, but it depends on country regulations. There are few countries where an EIR (equipment identity register) registry is implemented within their mobile networks. It checks for stolen and fake IMEIs, which are grey and black marked. Black-marked IMEIs can't use phone functionality; grey-marked ones are suspected and traced upon legal need. If this is the case, then using an IMEI check will be valuable.