An iOS certificate installed on the website that allows you to connect the device UUIDs to the session

I would like to be able to read the UUID of the device from the iOS device on the web page. I understand that it is impossible to use JavaScript for obvious security issues, but every day I use testflight and I see that they have access to UUID devices.

It looks like they are doing this by installing a profile profile on your iPhone when you register your device.

What certificate / provisioning profile should I use to do something like this?

Then I could associate the device UUIDs with the webpage session. I understand that this requires confirmation from users who are completely suitable for me .. I am not trying to find a way to avoid that we cannot access the uuid device from the code , I ask about it because I know what testflight does this is

+6
source share
1 answer

Ok! I think now I understand.

You are right, the UDID, of course, is not sent by the browser. I was convinced that this was due to Safari's security flaw or something like that, because testflightapp adds a unique identifier similar to the UDID, but not.

What they actually do is generate a new DeviceID (not related to the UDID). Then, to register the device, they generate a profile specially created for this DeviceID, which contains the "Payload", which registers the device at the URL that contains this DeviceID generated by testflightapp.

In this registration process, the device requests a profile to send the UDID (plus other data). This is the information the profile requests:

<array> <string>UDID</string> <string>IMEI</string> <string>ICCID</string> <string>VERSION</string> <string>PRODUCT</string> <string>MODEL</string> <string>DEVICE_NAME</string> </array> 

So, when a device requests a testflightapp server to register this device, they can associate this DeviceID stored in the profile with the actual UDID of the current device. The way they show in the browser that the process is completed, and save the UDID.

But this does not complete the answer, because I have not yet decided how they really relate to this web session with the UDID, even when the session is dead and DeviceID goes into orphans. The answer seems (not confirmed, but 99% sure!) That the registration process allows you to determine which WebClip to insert into the Springboard menu. This WebClip URL contains the device UDID URL, so anytime you get to testflightapp through this WebClip, you update the session with your UDID, so it doesn't matter if the session died.

Hope my post now helps! Sorry again for the incomplete misinformed previous.

+3
source

Source: https://habr.com/ru/post/910401/


All Articles