Closed sampie777 closed 1 year ago
sampie777
commented
1 year ago Let's use something like RSA, so we can at least validate that the new ID value we are receiving is a valid value coming from a valid device. This will be most useful if we need to use the ID for authentication on the server. Although it will then be possible to extract the initial device ID from the encrypted value. But one can encrypt the hashed device ID value, so it's 100% anonymous and 100% secure.
sampie777
commented
1 year ago crypto library is not available in React Native.react-native-crypto is deprecated. crypto-browserify is dependent on Nodejs libraries. react-native-quick-crypto can't be installed: Could not resolve all task dependencies for configuration ':react-native-quick-crypto:debugCompileClasspath'.. crypto-js.sampie777
commented
1 year ago react-native-rsa-native works well (decrypting is broken, but we don't use that).
Altough, new conclusion: encrypting device ID on every app boot will result in a different value each time. We want a constant value. Storing the value and retrieving it will cause the initial errors not to be assigned to a user. So we have to throw away our encryption method and just use a hash. This way however, we can't verify the authenticy of the received value.
Instead of using the device ID directly, hash this value so it won't be a problem when using it outside the app. We don't need to know the exact value of this ID, we just want to be able to separate users from each other for error debugging purposes. So by hashing this value, the value will remain unique to an user, but it's impossible to trace this value back to a certain user. Win for the privacy, no loss for the development.