Right, that qualifies to me as "additional infrastructure." kris
On Fri, Oct 5, 2012 at 3:21 PM, Hadi Nahari <[email protected]> wrote: > One [only?] reliable way to accomplish this is to have a trust-base on the > device (TPM, TrustZone, UICC, Secure Element, etc.) that works in > conjunction with a backend to assert device's identity, capability, etc. > > -Hadi > > > On Fri, Oct 5, 2012 at 12:16 PM, Lucas Palma <[email protected]> wrote: >> >> It's not the connection speed that I said, but the rate that the user >> sends information. >> And, as you said and I had already stated, it was an idea but not used, >> because it can be forged. >> >> I was thinking if there's a server-side strategy, because almost >> everything that come from the client-side can be forged, but if anybody >> knows something that can't be forged and identifies the user as mobile >> device user, please tell me. >> >> Regards, >> >> -- >> Lucas Palma >> >> >> >> "If you are patient in one moment of anger, you will escape a hundred days >> of sorrow." >> - Chinese Proverb >> >> >> >> On Fri, Oct 5, 2012 at 4:10 PM, Kristopher Micinski >> <[email protected]> wrote: >>> >>> I think that anything will be able to be forged, you can always >>> manipulate the connection speed, that's not a reliable indicator. >>> >>> kris >>> >>> On Fri, Oct 5, 2012 at 3:08 PM, Lucas Palma <[email protected]> >>> wrote: >>> > Yes, right. >>> > >>> > I was thinking that any strategy on the client side could be forged, so >>> > I >>> > started thinking if there's a server-side action that could be used. >>> > >>> > I thought, for example, at the speed that the user sends information, >>> > since >>> > on desktop the information is typed and then sent faster than on a >>> > mobile... >>> > but this could also be faked on the client side. >>> > >>> > -- >>> > Lucas Palma >>> > >>> > >>> > >>> > "If you are patient in one moment of anger, you will escape a hundred >>> > days >>> > of sorrow." >>> > - Chinese Proverb >>> > >>> > >>> > >>> > On Fri, Oct 5, 2012 at 4:04 PM, Kristopher Micinski >>> > <[email protected]> >>> > wrote: >>> >> >>> >> I would say that pretty much any strategy is going to be spoofable. >>> >> >>> >> You're talking from the perspective of the server, correct? >>> >> >>> >> kris >>> >> >>> >> On Fri, Oct 5, 2012 at 2:58 PM, Lucas Palma <[email protected]> >>> >> wrote: >>> >> > Hi everybody, >>> >> > >>> >> > There's some way to identify that the user is using a mobile device, >>> >> > not >>> >> > a >>> >> > desktop? >>> >> > Like, I have an application, which communicates with a web service, >>> >> > but >>> >> > anyone could access it through a desktop, and simulates that is >>> >> > using a >>> >> > mobile device. >>> >> > >>> >> > I don't think that "user-agents", "css" and things like that will >>> >> > help, >>> >> > since they can be forged. >>> >> > Someone know one or more ways to do the trick? >>> >> > There's some way to do it without changing the application? >>> >> > >>> >> > Thanks in advance! >>> >> > >>> >> > -- >>> >> > Lucas Palma >>> >> > >>> >> > >>> >> > >>> >> > "If you are patient in one moment of anger, you will escape a >>> >> > hundred >>> >> > days >>> >> > of sorrow." >>> >> > - Chinese Proverb >>> >> > >>> >> > -- >>> >> > You received this message because you are subscribed to the Google >>> >> > Groups >>> >> > "Android Security Discussions" group. >>> >> > To post to this group, send email to >>> >> > [email protected]. >>> >> > To unsubscribe from this group, send email to >>> >> > [email protected]. >>> >> > For more options, visit this group at >>> >> > http://groups.google.com/group/android-security-discuss?hl=en. >>> > >>> > >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Android Security Discussions" group. >> To post to this group, send email to >> [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/android-security-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
