Yes Hadi, it's sort of an intrusive way to solve the problem but... at the moment, I don't see any other option. Thanks for the idea.
Kris, I don't have any additional infrastructure. At the moment, there's a webservice for mobile, a webservice for desktop, and both communicates with a server. The mobile version needs to have less security policies, for usability questions, so on a desktop it is easier attacked. Kevin, as mobile devices I'm talking about smartphones and tablets. The picture idea can be an answer. It's a bit intrusive, but more difficult to be faked. Thanks you all for the answers. -- Lucas Palma *"If you are patient in one moment of anger, you will escape a hundred days of sorrow."* *- Chinese Proverb* On Fri, Oct 5, 2012 at 4:27 PM, Kevin Chadwick <[email protected]>wrote: > > There's some way to identify that the user is using a mobile device, not > a > > desktop? > > Like, I have an application, which communicates with a web service, but > > anyone could access it through a desktop, and simulates that is using a > > mobile device. > > > > I was thinking check the width, set viewport check again. > > What do you class a tablet as? desktop or mobile. The main difference is > usually a small screen. Resolution may be going crazy like > megapixels due to marketers, just like megapixels have no effect with > small lenses, resolution has no effect with the media both a phone and > it's connection can handle for the foreseeable future, causing > unnecessary problems. > > > I don't think that "user-agents", "css" and things like that will help, > > since they can be forged. > > You could try taking a picture and seeing the reflection in the users > eye, but even that could be fed false data. The user is generally King. > > -- > _______________________________________________________________________ > > 'Write programs that do one thing and do it well. Write programs to work > together. Write programs to handle text streams, because that is a > universal interface' > > (Doug McIlroy) > _______________________________________________________________________ > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
