ubuntu-appstore-developers team mailing list archive

Thread
Date

Re: Registering devices

To: Martin Albisetti <martin.albisetti@xxxxxxxxxxxxx>, Ubuntu Appstore Developers <ubuntu-appstore-developers@xxxxxxxxxxxxxxxxxxx>
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Thu, 30 Jan 2014 15:06:17 -0500
Cc: Jamie Strandboge <jamie@xxxxxxxxxxxxx>
In-reply-to: <CAAosnqsvx-oAtMxCUTJpvrj4DyjSRX3m6rGsi=jNj9cyaS2WYg@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0

On 14-01-30 03:00 PM, Martin Albisetti wrote:
> We are planning some work related to optionally tracking installed
> apps per device so we can provide users a list of apps (both current
> and past) of apps installed on each device (planning ahead for
> convergance).
> Besides allocating a unique id for a device, we need to gather some
> information from the client about the device is running on, a nice
> user-readable name, but also some hardware specs so we can provide
> developers with meaningful numbers on what their userbase is running
> (we won't track unique hardware IDs like mac addresses and such).
> 
> 
> Proposed API:
> 
> POST /api/register-device (OAuth signed)
> Expected data (json encoded dict): device brand, device model(, other
> device specs and capabilites)
> Return value: a unique device id (string, uuid like) that will
> identify this device with the click store
> 
> Use case: the client running in the device will register such device
> against the click store once per "first setup" (for example when first
> booting the device or using the store for the first time, client
> choice) passing the device's metadata/hardware information, through an
> OAuth signed request. The server will generate a unique id, will store
> it (along with the device details) and link to the signing user, and
> will return this (device) id to the client for future usage against
> the API.
> 
> This device id must be passed as API parameter each time this client
> requests an app download to the click store (besides the already known
> package name parameter, using existent API endpoint).
> 
> If no device ID is passed, for backward compatibility and for people
> who would rather we don't track their devices, we'll assume a "default
> device" and move on.
> 
> Are there any concerns with this approach?   Security or otherwise?
> 

Sounds fine to me. Perhaps it should be when the user accesses the store for the
first time, not at first boot.

We have a good reason for doing this: so the store can display apps that are
compatible with the device. It would make sense that it's done when the user
accesses the store for the first time.

Any reason why the device id is generated by the server, and not generated by
the device? (presumably the privacy zealots would rather be able to change it
themselves at some point...)

Marc.

Follow ups

Re: Registering devices
From: Martin Albisetti, 2014-02-20
Re: Registering devices
From: Roberto Alsina, 2014-01-30

References

Registering devices
From: Martin Albisetti, 2014-01-30