Security concerns on Android?

Recently I have worked on a project on iBeacon and installed some estimotes onto the field. However I have found a security issues which is likely caused by "too powerful" of the android's estimote app. Here is my test case:

Testing Scenario:

Device #1 : iphone 4S , ios8.0.1
Device #2 : iphone 6 , ios8.0.1
Device #3 : One Plus One , android 4.4.2

3 Devices have all installed "Estimote" app from app store/google market

Case 1

  • I have modified the UUID of the beacon using device #1 , with a completely new UUID , result in Device#2 cannot scan using the estimote app , however Device#3 can also scan ( and modify the Major/Minor also)

Case 2

  • I have modified the Major/Minor of the beacon using Device#3 with estimote app and succeeded. However, Device#1 can no longer modify the beacon with estimote app since the beacon is shown "not belongs to this user"

So my question is:

"Is there any way to prevent an anonymous Android user who is using the Estimote App downloaded from Google Play, to modify the major/minor of our ibeacon easily? "

I think this may quite affect the behaviour of our project as if anyone else can chance the major/minor that easily :/

Hi Nandi,

We're aware that Android still gives you a way to work around our authentication mechanism already implemented in the iOS version of our app. We're working on that and will release relevant updates in the near future.