For one research project, hundreds of test subjects were given mobile phones on which a special was installed. software that collects data on the level of noise, light, motor activity, etc., and sends them to the server. The data are identified by the IMEI code of the device from which they came.

It is necessary to organize the entrance to the site for the subjects, where they will be able to see some statistics on the data collected from their device.

The study is anonymous, and I want to avoid collecting any data such as email. mail or phone numbers. It happens in Europe, then the hellish laws to that effect. Even if all the subjects are “their own” :)

What is the best way to organize authorization / login to the site, without registering users, but based only on the fact that they now have this device?

While the only option is to force the mob. developers add a function to the software so that it generates a temporary token, for example. MD5 dates and IMEI device, and the server would check it (and + - 1 day for each). Those. I got the phone, opened the program, entered a temporary token - entered, saw my statistics.

How would you do this better and wittier, without finalizing the mob. customer?

  • And what to do with the army of "gray" phones that have the same IMEI? - ReinRaus 1:53 pm
  • one
    And why does this task need authentication at all? The study is anonymous. Let everyone all look, everyone probably knows their IMEI, but it’s unlikely they can compare a stranger with a specific person. - avp
  • why date? such as a phone, then give it to others, and so that former users do not look at someone else’s statistics? IMHO, it would be better not to be stitched on IMEI on the guid. received a guid (in software) - given to the subject, according to this guide you can watch the statistics. I need to give another device again a guid, and so on ... how I can do something without making changes to the client, I have no idea. - Yura Ivanov

1 answer 1

Just from the point of view of Europe, it is better to make logins like user1, user2, etc.

You can print them on pieces of paper into envelopes, and arrange a lottery :) So everyone was sure that you didn’t know who was assigned to which login.

Just publishing if you run the risk of running into poshapka, with the general wording, that this is an individual ID that the user can not change.

Safer - anonymous registration on the site, especially if you are not too fundamentally + - a couple of people.

By the way, if you work with the World Bank or Germany (and the Vatican yet), then it is better to collect written statements from the people that they are not against your software collecting these, these, and these data automatically. You can read the license terms of Yandex-maps for mobile devices. It was well written there.