I have an app where users registering signup with my service and purchase items with online payment or Cash on delivery.
Fraudulent users are increasing exponentially by the day, and blocking users id from backend only delays them creating new ones.
What’s the recommended approach to block a whole device from using Or registering to my app? Even if he/she deleted & reinstalled my app. Is there a way to uniquely identify a device? Or any other approach?
All other posts i see are from 2014, and got me more confused.
The DeviceCheck APIs were created for this purpose.
Using the DCDevice class in your app, you can get a token that you use on your server to set and query two binary digits of data per device, while maintaining user privacy. For example, you might use this data to identify devices that have already taken advantage of a promotional offer that you provide, or to flag a device that you’ve determined to be fraudulent.
Highlight mine.
Essentially, this API allows you to set a few flags on specific devices and check against them, without having to violate user privacy with unique IDs.
Like the documentation states, you will need to use a combination of these APIs with your server to block fraudulent devices.
It even provides a DCAppAttestService API you can use to validate the integrity of your app. As an extra note, it cannot check for jailbreak, but you can even check if your app has been modified in an unauthorized manner to act against that.