Hacker News

I wrote a bit more in detail about this a while back: http://samgranger.com/whatsapp-is-using-imei-numbers-as-pass...

Whatsapp, if you are listening, do the following.. Add an extra column to your database table where user 'credentials' are saved. Let's call it 'password'. Or call it realpassword if you're using password for the md5'ed IMEI/MAC. Now, leave it empty for a moment..

On your next client update, force your users to fill in a password. Don't save it in plaintext, mmkay, drop a whole pot of salt all over it and save it in the password column. If the user has a known password, check if their client sent the correct one.

You can still check IMEI or MAC address too if you want, but only as an extra 'check' to verify the user is logging in from their mobile and not some fishy desktop client. Again, the latter isn't secure but is meant as a fallback.


