Recently I have worked on a project on iBeacon and installed some Estimotes in the field. However, I have found a security issue which is likely caused by the Android Estimote app being "too powerful". Here is my test case:
Testing Scenario:
Device #1: iPhone 4S, iOS 8.0.1
Device #2: iPhone 6, iOS 8.0.1
Device #3: OnePlus One, Android 4.4.2
All 3 devices have the "Estimote" app installed from the App Store/Google market
Case 1
- I have modified the UUID of the beacon using Device #1, with a completely new UUID. As a result, Device #2 cannot scan it using the Estimote app; however, Device #3 can still scan it (and also modify the Major/Minor)
Case 2
- I have modified the Major/Minor of the beacon using Device #3 with the Estimote app and succeeded. However, Device #1 can no longer modify the beacon with the Estimote app since the beacon is shown as "not belongs to this user"
So my question is:
"Is there any way to prevent an anonymous Android user, who is using the Estimote app downloaded from Google Play, from easily modifying the major/minor of our iBeacon?"
I think this may affect the behaviour of our project quite a bit if anyone else can change the major/minor that easily :/