Mobile Device Unique Identifier
I am creating certificates for iOS and Android mobile devices. The Edge client on both platforms makes available a session variable called session.client.unique_id. Embedding this unique_id value within the certificate provides a way to ensure the certificate will work only on the particular device by comparing the value in the certificate against the value returned by the edge client. The iOS unique_id field is actually the Apple UDID and the Android unique_id seems to be a mystery value of some sort.
The Apple UDID is deprecated however I am not sure if this is as a means of user tracking in apps only, or if Apple is going to stop making this field readable at sometime in the future just like Android did with the mac_address field in Marshmallow. Does anyone have any insight into this?
Regarding the Android unique_id, would anyone know where this value comes from? I need to be sure this value does not change during an OS upgrade for example since I will be storing it in the certificate. I don’t care if the value changes during a hardware wipe and I am not concerned if it can be change using root.
I am also open to other suggestions about locking a certificate to a device…
Thanks.