Avoid duplicate devices

[bakulf]

Before 2.4.x, at the end of the authentication flow, the client deleted devices with the same name as the current one to avoid duplicate devices. For example, if the current device is called "Baku's Android" and there was another "Baku's Android" device, the old one was removed.

But it turned out that there are users with multiple devices with the same name. Because of this, in 2.4.x we have removed the device deletion during the authentication. But we can do better than this!

What about if we add a unique_id field in the Device interface (guardian-website) and we populate this new field with something unique. We can use this unique id to remove the correct duplicate device.

Android: https://developer.android.com/training/articles/user-data-ids iOS: https://developer.apple.com/documentation/uikit/uidevice/1620059-identifierforvendor?language=objc MacOS: https://developer.apple.com/library/archive/technotes/tn1103/_index.html Windows: https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-getcurrenthwprofilea (maybe) Linux: https://man7.org/linux/man-pages/man5/machine-id.5.html :question:

┆Issue is synchronized with this Jira Task

[bakulf]

Or... even better, we can use QSysInfo::machineUniqueId().

[oskirby]

To play devil's advocate a bit, is there a reason why we aren't just using the device's public key (or something derived from it) as its unique identifier? It would seem to have the same lifecycle and uniqueness requirements as the machine identifier.

[birdsarah]

I have the same question as @oskirby.

[data-sync-user]

➤ Pun Lam commented:

Closed by Github #1369

[data-sync-user]

➤ Sarah Bird commented:

Not sure why this is marked as Cancelled. The issue is still live and the PR’s haven’t been merged.

[data-sync-user]

➤ Sarah Bird commented:

This works with v1.16 of guardian.

[data-sync-user]

➤ Andrea Marchesini commented:

Ready to be tested.

[data-sync-user]

➤ Valentina Virlics commented:

Verified this on VPN latest build 2.6.0. (16333820) while using Android 10.

• Evey time we reinstall the app without logging out, the device is duplicated.

Verified this on VPN latest build (2.6.0 (2.202110042126)) while using Windows 10.

• There are no duplicated devices if the user uninstalls the app without logging out.

!Screenshot_20211005-154534.png|width=1080,height=1920!

[data-sync-user]

➤ Andrea Marchesini commented:

Can we file a separate issue for android and close this one? Android has a custom unique-id implementation.