Hi guys, i decided to create an app that can track user in/out in my company.
The ideal is simple: if an user walk into a monitored region, that action will be considered 'In", and the same as “Out”.
After that, my app will send a message to the server and inform it to save the action just happent.
But what if an employee decode my app, get the request body, and send a fake request to the server?
I also know about secure UUID, but in the end, my app still send the real ID(resolved ID) not the encrypted UUID. So if employees know beacon’s real UUID, they can still cheat the server.
So i hope you guys can give me some instruction to solve this problem, thanks.
Hi @Hanh_Vo,
You want to use use monitoring technology, okay. But you don’t want another app’ to be able to send the same message as yours.
Pretty hard ^^
What you can do is make your own SecureUUID system: when your app’ resolves the real UUID of your beacon, you won’t send it (because it doesn’t change) but another number that only your server can identify. You will need the same algorithm than Google or Estimote to identify the app’ with the sent number.
What do you think about it?
