Using a PWA, I need to register the phone with the server, before it can be used. Is there access to any unique id, mac or something else to identify it?
Could you just generate your own GUID and put it in localStorage and use that? Generally there's a lot of effort that has gone into not having a unique way to identify the device, for privacy reasons. Note that localstorage is typically persistent - it survives app/browser restarts.
No, there is no reliable and ethical way to uniquely identify an iPhone (or any device) from JavaScript running in the browser. Modern browsers and operating systems, including iOS and Safari, implement strong privacy protections to prevent websites and scripts from tracking users in this manner.
Limitations Due to Privacy and Security Protections:
- No Access to Device Identifiers:
Browsers do not expose hardware-level identifiers like the IMEI number, MAC address, or UDID (Unique Device Identifier) to JavaScript. - Restricted APIs:
Browser APIs (like WebRTC, Device Orientation, or MediaDevices) have limitations or require user permissions. These do not expose unique device identifiers. - Privacy Features in Safari:
Safari on iOS includes anti-tracking features like Intelligent Tracking Prevention (ITP), which block cookies, fingerprinting attempts, and other tracking methods.
Potential (But Imperfect) Methods to Identify Devices:
While you can't uniquely identify an iPhone, here are some methods sometimes used to approximate identification:
1. Browser Fingerprinting:
Fingerprinting uses a combination of characteristics from the device and browser, such as:
- User-Agent string (e.g., OS version, browser version)
- Screen resolution
- Timezone and language settings
- Installed fonts (limited in modern browsers)
- Canvas fingerprinting (rendering of graphics to gather unique data)
Limitations:
- Fingerprinting is not reliable for unique identification.
- Safari actively blocks fingerprinting methods, especially on iOS.
2. Cookies and Local Storage:
You can store a unique identifier in cookies, localStorage, or IndexedDB, and retrieve it on subsequent visits.
Limitations:
- Users can clear cookies and local storage.
- Safari enforces cookie expiration with its ITP, which limits tracking persistence.
3. WebRTC IP Leak (Deprecated):
WebRTC could expose local IP addresses, but this has been mitigated in most browsers due to privacy concerns.
Conclusion:
Modern privacy protections on iOS and browsers make it impossible to uniquely identify an iPhone reliably and ethically using JavaScript alone. If you need persistent identification for legitimate reasons (e.g., analytics or login systems), consider using server-side solutions like authentication tokens or secure session management tied to user accounts.
1 Like
For my purposes, it will have to be sufficient that I can register the app with a server and store the token in IndexDB. It will be unfortunate if there is a time limit on this.
If there is a time limit, then I can store the user's pin on the server, for speed of reauthentication. I cant have an alpha-numeric password as it will be used in a flying aircraft, so big buttons are required.
Most of the employees in my client's company uses iOS (Phones and tablets).
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.