We are planning some work related to optionally tracking installed apps per device so we can provide users a list of apps (both current and past) of apps installed on each device (planning ahead for convergance). Besides allocating a unique id for a device, we need to gather some information from the client about the device is running on, a nice user-readable name, but also some hardware specs so we can provide developers with meaningful numbers on what their userbase is running (we won't track unique hardware IDs like mac addresses and such).
Proposed API: POST /api/register-device (OAuth signed) Expected data (json encoded dict): device brand, device model(, other device specs and capabilites) Return value: a unique device id (string, uuid like) that will identify this device with the click store Use case: the client running in the device will register such device against the click store once per "first setup" (for example when first booting the device or using the store for the first time, client choice) passing the device's metadata/hardware information, through an OAuth signed request. The server will generate a unique id, will store it (along with the device details) and link to the signing user, and will return this (device) id to the client for future usage against the API. This device id must be passed as API parameter each time this client requests an app download to the click store (besides the already known package name parameter, using existent API endpoint). If no device ID is passed, for backward compatibility and for people who would rather we don't track their devices, we'll assume a "default device" and move on. Are there any concerns with this approach? Security or otherwise? -- Martin -- Mailing list: https://launchpad.net/~ubuntu-appstore-developers Post to : ubuntu-appstore-developers@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-appstore-developers More help : https://help.launchpad.net/ListHelp
