ok what about that...

Idea
---------------------------------------
Frank just installed PokeDL on his mobile device and scans a barcode or QR code generated on his own user's page at the DL server, or wherever else, with the following data:

{oW97seXRWJGudREl8TQUhYma3Zb8ntSJNoJY2cdsjTu6tFeb6Y9Wmidq7D9RMA2E}

which gets decrypted and translated by PokeDL as
---------------
server: https://dl.server.com
usertoken: WKNL-4JP7-ER3T-TP8C
timestamp: 20170923184552100
---------------
PokeDL adds this server to the server list and confirms at the given server URL by sending encrypted data:

{nzMz8oKrYcMLWmYclRne4iccvXhkWxPLq4QLhfyhZIhtJa77ooFFynpsrdeMmnYy}

within the next, let's say, 60 seconds or even less, including the
-usertoken
-unique ID generated from the hardware ID of his mobile device, the IMEI
-and his timestamp, just to make the data sent always look different.
---------------
Frank wants to connect to the server at a given time. PokeDL makes an internal call to:

https://dl.server.yo/GateWatcher.php?data={w7aByYV0nBGiCNbdebNaadDNhsg90LtAm4yTQfQzFBdeghmMOkzQfuqzoTvygvDj}

to get a session permission.
---------------
The data sent is encrypted information consisting of Frank's
-usertoken
-current datetime
-and something else if you want to make it harder...
---------------
-if Frank registered before, which he is, his mobile device gets a session permission to download or upload data
-if Frank uses different mobile devices, his 2nd or 3rd IMEI would be different, and to gain access Frank only needs to scan again for the new device and confirm the registration as described before.
---------------
In that constellation Frank would never deal with URLs, usernames or passwords, and no private data is transferred through the net when he downloads or uploads stuff, except the one and only time when he registers a new device.
---------------
I wonder if this can be made on Android, and with PHP on the server of course...

GDay to all...

# # # # # # # # # # # # # # # # # # # # # # # # # # # ORIGINAL MESSAGE IS FOLLOWING # # # # # # # # # # # # # # # # # # # # # # # # # #
MsgID: 87efs21t78....@wavexx.thregr.org
From: Yuri D'Elia <wavexx-0pwbvmanqnmdnm+yrof...@public.gmane.org>
Date: Wed, 23 Aug 2017 12:20:27 +0200
Subject: Re: New Android client for DL available

> On Tue, Aug 22 2017, Daniel Berteaud wrote:
> > Those who will configure the software: yes, most likely. But not
> > necessarily those who will use it. What this means is that an advanced
> > user can install and configure the app initially with no issue, and
> > then has this dilemma. He can either uncheck the "unknown sources"
> > checkbox, which will prevent any further update of the app, or let the
> > checkbox, and expose non-experienced users to more risks.
>
> Is it actually possible for Android devices to be somehow set up or
> managed by an institution in bulk?
>
> For example, even if PokeDL was available in the Play Store, do you know
> if there's a way to preset the app settings for your server directly
> during install?
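
The registration and session checks described in the idea at the top of this message, sketched from the server's side as an added example (not part of the thread, and not PokeDL or DL code). Assumptions: the QR code carries a per-enrollment secret, HMAC-SHA256 authentication stands in for the unspecified encryption, timestamps are integer epoch seconds, the device ID is an opaque string, and `Gate`, `seal` and `unseal` are hypothetical names.

```python
import hashlib
import hmac
import json

WINDOW = 60  # seconds; the confirmation window suggested in the message

def seal(secret, fields):
    """Device side: canonical JSON body plus an HMAC-SHA256 tag."""
    body = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return body + "." + hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()

def unseal(secret, message):
    """Server side: return the fields only if the tag verifies, else None."""
    body, _, tag = message.rpartition(".")
    good = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    return json.loads(body) if hmac.compare_digest(tag, good) else None

class Gate:
    def __init__(self):
        self.pending = {}  # usertoken -> (secret, time the QR code was issued)
        self.devices = {}  # (usertoken, device_id) -> secret
        self.seen = set()  # (usertoken, device_id, timestamp) already accepted

    def issue(self, usertoken, secret, now):
        self.pending[usertoken] = (secret, now)

    def confirm(self, usertoken, message, now):
        """Bind a device if the QR code is fresh and the message authentic."""
        secret, issued = self.pending.pop(usertoken, (None, None))  # single use
        if secret is None or now - issued > WINDOW:
            return "expired"
        fields = unseal(secret, message)
        if fields is None or fields.get("usertoken") != usertoken:
            return "rejected"
        self.devices[(usertoken, fields.get("device_id"))] = secret
        return "bound"

    def session(self, usertoken, device_id, message, now):
        """Grant a session only to a bound device, once per fresh timestamp."""
        secret = self.devices.get((usertoken, device_id))
        fields = unseal(secret, message) if secret else None
        if fields is None or (fields.get("usertoken"), fields.get("device_id")) != (usertoken, device_id):
            return "rejected"
        key = (usertoken, device_id, fields.get("timestamp", 0))
        if abs(now - key[2]) > WINDOW or key in self.seen:
            return "stale"
        self.seen.add(key)
        return "granted"
```

The timestamp only helps because the server enforces the window and remembers accepted requests; a captured request replayed inside the window returns "stale" instead of a second session.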