> Wouldn't it be more secure if they hashed the imei before placing it into > the header? This way a unique hash can be used as an authentication key. > Hashes are more difficult to match. Or to make it more difficult, slit the > imei into 2, hash both parts, and combine them together in the same string. > An md5 hash for example is 33 bytes long, if using that method, the app/site > would send a long 66 byte hashed imei to the server to uniquely identify > itself. If I built an android app, I'd use this method to secure each apps > license and in-app purchases.
NTT Docomo says IMEI is not hashed. No changed. It's just a plain text in HTTP User-Agent header and original header. Please See: http://www.nttdocomo.co.jp/service/developer/smart_phone/service_lineup/music_movie/index.html -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
