How to ensure/determine that a post is coming from an specific application running on an iPhone/iTouch?

Question

Building an iPhone OS application that will allow users to anonymously post information to a web application (in my particular case it will be a Rails based site) ... and I

Answer 1

The best way would be to implement a known call and response pattern. Send a value of some sort (integer, string, hash of a timestamp) to the iPhone/iTouch application. Have the application modify this information in a known way and send it back for verification. Then all you have to do is use a different modification algorithm per-platform and that will verify what type of device is being used.

VERY simple example:

1. Server sends 100 with the response to an iPhone.
2. iPhone adds 10 to this value and sends back with request.
3. Server detects the value was increased by 10 and now knows it was from an iPhone.

Then on your Android clients add 20 and on another platform add 30 and so on...

Answer 2

Encrypt or sign something using the public key of a key pair, then decrypt or verify it on the server with the private key. Ultimately, anything that can be sent can be duplicated, be it a spoofed html header or an encrypted block. The app has to know the secret handshake, and anyone with access to it (and sufficient technical skills) can figure out the secret handshake.

Answer 3

I would suggest the following approach.

Build an ssl enabled access to your rails app. Now create a user account for every plattform you want to use and enable your applications to log in with the correct key. If you use the ssl standard in a correct way there shouldn't be a way to sniff the password and you can use standard components on the rail and the phone side of your app.

You then need to secure the login credentials on your phone with the appropriate technics. Eg. put it in the keychain on the Iphone.

Answer 4

You could also add a hidden field in the form. or in the data being passed up if it is XML or other format