Wouldn't it be more secure if they hashed the IMEI before placing it into
the header?  This way a unique hash can be used as an authentication key.
Hashes are more difficult to match.  Or to make it more difficult, split the
IMEI into 2, hash both parts, and combine them together in the same string.
An MD5 hash for example is 33 bytes long, if using that method, the app/site
would send a long 66 byte hashed IMEI to the server to uniquely identify
itself.  If I built an Android app, I'd use this method to secure each app's
license and in-app purchases.

Kevin Veroneau
[email protected]
--
Sent from my Motorola Xoom
On Oct 22, 2011 5:41 AM, "Nick" <[email protected]> wrote:

>
> > What I am saying that this is a poor way to authenticate a device? The
> > simple app can trigger a http request with another IMEI nos and get
> > access.
>
> I don't know how to use IMEI in PlayReady system.
>
>
> # "nos" means "numbers" ?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Android Security Discussions" group.
> To post to this group, send email to
> [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/android-security-discuss?hl=en.
>
>
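
Added example (not part of the original message or thread): the split-and-hash header scheme described above, next to a challenge-response check, to show what a server can tell when the same value is presented a second time. The HMAC alternative, the class names, `device-1` and the sample IMEI are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def split_hash_token(imei: str) -> str:
    """Scheme from the message: split the IMEI, MD5 each half, concatenate."""
    mid = len(imei) // 2
    return "".join(hashlib.md5(p.encode()).hexdigest() for p in (imei[:mid], imei[mid:]))

def sign(key: bytes, nonce: bytes) -> bytes:
    return hmac.new(key, nonce, hashlib.sha256).digest()

class StaticHeaderServer:
    """Accepts any request whose header carries an enrolled token."""
    def __init__(self):
        self.enrolled = set()
    def authenticate(self, header_value: str) -> bool:
        return header_value in self.enrolled

class ChallengeServer:
    """Assumed alternative: per-install random key, single-use nonce, HMAC."""
    def __init__(self):
        self.keys, self.pending = {}, {}
    def enroll(self, device_id: str) -> bytes:
        self.keys[device_id] = secrets.token_bytes(32)
        return self.keys[device_id]
    def challenge(self, device_id: str) -> bytes:
        self.pending[device_id] = secrets.token_bytes(16)
        return self.pending[device_id]
    def authenticate(self, device_id: str, response: bytes) -> bool:
        nonce = self.pending.pop(device_id, None)  # each nonce is valid once
        key = self.keys.get(device_id)
        if nonce is None or key is None:
            return False
        return hmac.compare_digest(sign(key, nonce), response)

def demo() -> dict:
    token = split_hash_token("123456789012345")  # constructed sample IMEI
    static = StaticHeaderServer()
    static.enrolled.add(token)
    cs = ChallengeServer()
    key = cs.enroll("device-1")
    first = sign(key, cs.challenge("device-1"))
    results = {"static_device": static.authenticate(token),
               "static_replayed": static.authenticate(token),  # same string, other client
               "hmac_device": cs.authenticate("device-1", first)}
    cs.challenge("device-1")  # server issues a fresh nonce for the next request
    results["hmac_replayed"] = cs.authenticate("device-1", first)
    return results
```

Calling `demo()` returns the four outcomes as a dictionary: the static header value is accepted both times, while the earlier HMAC response is rejected once the nonce has changed.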
