iOS Tutorial DeviceCheck - uniquely identify iOS device

Hi,

in this tutorial (intended for advanced B4i user) I want to demonstrate how you can use the DeviceCheck framework (introduced with iOS 11) in order to uniquely identify an iOS device. I highly recommend to read the offical Apple documentation first: https://developer.apple.com/documentation/devicecheck?language=objc

The main advantages & use cases:
  • "DeviceCheck APIs also let you verify that the token you receive comes from an authentic Apple device on which your app has been downloaded"
  • "identify devices that have already taken advantage of a promotional offer that you provide"

Basically the framework allows you to save two bits (2x2) of data per device & per developer (this also means: if you have 100 Apps or more in the store, they all share the same two bits! Personally, I believe this is a big disadvantage ...)

The following graphic illustrates the server communication between the Device, your Server & Apple:

server.png

Source: https://iosimage.s3.amazonaws.com/2018/34-devicecheck-tutorial/server.png

Before we can start to code, we need to create a new DeviceCheck key in the member center:


upload_2019-1-6_0-18-27.png


Be sure you have selected "DeviceCheck".
Note down the KeyID & download the generated key file and save it, we will need it later.

Now go to the following page https://developer.apple.com/account/#/membership/ and note down your TeamID.

These information are needed in order to generated a JSON web token for authentication. This step is done by the server module and with the help of a tool called JWT.jar (also written in B4J). As a developer, you just have to enter your collected information (Path to the private key, KeyID & TeamID) in the Initialize method of the DeviceCheckServer module.

The two resumable subs GetBitState and SetBitState of the module are doing the "magic" for you & return a custom response type with information about the request & validities; for status codes & errors please have a look at the documentation: https://developer.apple.com/documen...g_and_modifying_per-device_data?language=objc

On the device side, the DeviceCheck module generates the temporary DeviceToken & sends it to our server - simple.

In general, I recommend to start with the examples and fit them to your needs.

Notes & tips:
  • set the MinVersion of your iOS App to iOS 11
  • be sure you have register an explicit App ID
  • DeviceCheck has no simulator support
Feel free to ask questions ;)
 

Attachments

  • DC_ServerExample.zip
    418.2 KB · Views: 641
  • JWT.jar
    442.4 KB · Views: 565
  • DeviceCheckServer.bas
    3.4 KB · Views: 589
  • DC_AppExample.zip
    2 KB · Views: 550
  • DeviceCheck.bas
    1.3 KB · Views: 579

tufanv

Expert
Licensed User
Longtime User
very useful. I think we can use this to protect our API's and limit the access to devices only which our app is installed on right?
Hi,

in this tutorial (intended for advanced B4i user) I want to demonstrate how you can use the DeviceCheck framework (introduced with iOS 11) in order to uniquely identify an iOS device. I highly recommend to read the offical Apple documentation first: https://developer.apple.com/documentation/devicecheck?language=objc

The main advantages & use cases:
  • "DeviceCheck APIs also let you verify that the token you receive comes from an authentic Apple device on which your app has been downloaded"
  • "identify devices that have already taken advantage of a promotional offer that you provide"

Basically the framework allows you to save two bits (2x2) of data per device & per developer (this also means: if you have 100 Apps or more in the store, they all share the same two bits! Personally, I believe this is a big disadvantage ...)

The following graphic illustrates the server communication between the Device, your Server & Apple:

server.png

Source: https://iosimage.s3.amazonaws.com/2018/34-devicecheck-tutorial/server.png

Before we can start to code, we need to create a new DeviceCheck key in the member center:


View attachment 75990

Be sure you have selected "DeviceCheck".
Note down the KeyID & download the generated key file and save it, we will need it later.

Now go to the following page https://developer.apple.com/account/#/membership/ and note down your TeamID.

These information are needed in order to generated a JSON web token for authentication. This step is done by the server module and with the help of a tool called JWT.jar (also written in B4J). As a developer, you just have to enter your collected information (Path to the private key, KeyID & TeamID) in the Initialize method of the DeviceCheckServer module.

The two resumable subs GetBitState and SetBitState of the module are doing the "magic" for you & return a custom response type with information about the request & validities; for status codes & errors please have a look at the documentation: https://developer.apple.com/documen...g_and_modifying_per-device_data?language=objc

On the device side, the DeviceCheck module generates the temporary DeviceToken & sends it to our server - simple.

In general, I recommend to start with the examples and fit them to your needs.

Notes & tips:
  • set the MinVersion of your iOS App to iOS 11
  • be sure you have register an explicit App ID
  • DeviceCheck has no simulator support
Feel free to ask questions ;)
 
Top