Investigate how we can download uploaded numbers without user credentials

[freedomtan]

for #670

Let's check if that's possible to

• [ ] get per device unique id, (and hence use it or a key derived from it as a unique key to retrieve/restore uploaded data)
• [ ] avoid user credential(s) at the stage

Some notes/links:

• Google has some doc on how to use unique ids on Android
  • actually, it's possible to get IMEI from Android, however it's recommended to avoid using hardware ids
• To avoid using a cleartext id, maybe we use a keyed-hash message authentication code HMAC

@anhappdev and @RSMNYS

[RSMNYS]

guys we can use such identifiers that remains consistent across app reinstalls:

IOS: identifierForVendor (https://developer.apple.com/documentation/uikit/uidevice/1620059-identifierforvendor?language=objc)

Android: Settings.Secure.ANDROID_ID (https://developer.android.com/reference/android/provider/Settings.Secure#ANDROID_ID)

[RSMNYS]

and here is the package we can try to use to retrieve such keys: https://pub.dev/packages/device_info_plus

[anhappdev]

Persistent unique identifiers like IMEI will not work for our case because:

• on iOS it's not possible to get it
• on Android it's possible but with READ_PHONE_STATE permission and user can deny it at run time.

---

For iOS

IOS: identifierForVendor (https://developer.apple.com/documentation/uikit/uidevice/1620059-identifierforvendor?language=objc)

Not really what we need, as stated in the link:

The value changes when the user deletes all of that vendor’s apps from the device and subsequently reinstalls one or more of them.

And for Android

Android: Settings.Secure.ANDROID_ID (https://developer.android.com/reference/android/provider/Settings.Secure#ANDROID_ID)

This may work, but I have seen many issues stated that it may not work reliable as expected.

---

I think it's better and simpler just provide the user the possibility to sign up for an account if he wants to access his uploaded results after app uninstall/reinstall. The app will use an anonymous account (with a random-generated user ID) as default. So it's not required to sign up for an account to use the app. And when he wishes to sign up, we can convert the anonymous account to a normal account.

[RSMNYS]

I agree with Anh here as this is the better approach to have anonymous login to use the app. And when the user wants to use the feature (in this case download/upload) that requires the real account - ask him to sign up and convert the account from the anonymous to the normal one.

[freedomtan]

1. by default, anonymous account, if we reinstall the app, we lose all the results
2. if we want to have some results restored, we need accounts. We can just use third-party accounts (e.g., google and others)