You can use a second authentication factor though. For example, push notifications (which ties back to Apple servers and the device’s serial number) and SMS verification code (commonly found in two-factor authentication schemes)
> On Jun 23, 2015, at 02:05, Kyle Sluder <[email protected]> wrote: > > On Mon, Jun 22, 2015, at 12:32 PM, Alex Zavatone wrote: >> Basically, we're trying to make sure that we limit just what type of >> client can contact our web service and limit it to our iOS and Android >> apps. > > Generally speaking, this isn't possible. All of the information > necessary to authenticate the client as "genuine" needs to be contained > within your application, which makes it possible to extract, inspect, > and mimic. > > You might look up the history of AOL trying to kick unauthorized clients > off its AIM network. The continued existence of projects like GAIM and > Trillian provides some commentary on the effectiveness of that approach. > > --Kyle Sluder > _______________________________________________ > > Cocoa-dev mailing list ([email protected]) > > Please do not post admin requests or moderator comments to the list. > Contact the moderators at cocoa-dev-admins(at)lists.apple.com > > Help/Unsubscribe/Update your Subscription: > https://lists.apple.com/mailman/options/cocoa-dev/max%40maxchan.info > > This email sent to [email protected]
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Cocoa-dev mailing list ([email protected]) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [email protected]
