Mobile Device Fingerprinting SDK | iOS Fingerprinting SDK

<< Back to Categories

iOS Fingerprinting SDK

About the iOS Fingerprinting SDK

The IPQS Mobile Device Fingerprinting SDK protects iOS apps against sophisticated fraud and abuse from high-level bad actors. IPQS uses a mix of JS device fingerprinting and mobile SDK device fingerprinting to enable your iOS app to accurately identify fraud and abusive behavior with mobile device fingerprinting techniques. Verify new or returning users and identify high-risk behavior, including:

Mobile emulators
Residential botnets
Location spoofing
GPS tampering
Bots
Non-human requests
Fake accounts
Install fraud
and hijacked devices.

IPQS makes it easy to detect duplicate accounts, bonus abuse, fraudulent users, fake installs, and more.

Integrating the SDK

Note: The Mobile Device Fingerprinting SDK package requires iOS 14.0 or later.

1. Create a Mobile App in IPQS

Before integrating the SDK package, you will need to have created a new mobile app in your IPQS account.

2. Configure Authentication

The SDK is distributed via Swift Package Manager. Before adding the SDK, you will need to configure authentication to allow access to this private repository.

Create or edit the ~/.netrc file in your home directory.
The ~/.netrc file should have restricted permissions. Set correct permissions for the ~/.netrc file by running chmod 600 ~/.netrc.
Add the following to ~/.netrc, replacing YOUR_IPQS_EMAIL and YOUR_SDK_API_KEY with your IPQS email address and the SDK API key created when you made the mobile app in your IPQS account:

machine downloads.ipqualityscore.com login YOUR_IPQS_EMAIL password YOUR_SDK_API_KEY

3. Add the SDK via Swift Package Manager

In Xcode, from the File menu, select Add Package Dependencies....
Enter the repository URL:

https://github.com/ipqualityscore/iOS-Mobile-Fingerprinting-SDK
Select the latest release.
Click Add Package.

4. Add Info.plist Values

If you don't have an Info.plist file:

In Xcode, from the Project menu, select the Target submenu, then Info.
Add a new line and paste the following into the key value (Xcode will change this to "Queried URL Schemas"):

LSApplicationQueriesSchemes
If not done automatically, set the type to array.
Expand the newly added line to expose the array values.
An empty value will already have been created with type string.
Paste the following into the empty value:

undecimus
Add a new line with the following value:

cydia
Repeat the previous step by adding new lines with the following values:

sileo

zbra

filza

activator

If you already have an Info.plist file:

Right click on your Info.plist file and select Open As then Source.
Add the following:

<key>LSApplicationQueriesSchemes</key> <array> <string>undecimus</string> <string>sileo</string> <string>zbra</string> <string>filza</string> </array>

5. Import the Mobile SDK Package

Add import IPQualityScore to the import list at the top of any file in which you want to call the API functions.

6. Set the API Key

Set the API key in any file in which you want to call the API functions:

MobileTracker.apiKey = YOUR_API_KEY_HERE

Usage

Add Custom Tracking Variables

The following code allows for passing custom tracking variables such as a user ID, transaction ID, click ID, and similar identifiers to associate a mobile device fingerprint request with a specific user or action:

// Pass custom variables to pending request
MobileTracker.addCustomVariable("userID", value: "1234");
// then call main mobile fingerprint request which will append the variables above

Mobile Device Fingerprinting

// Call the mobile fingerprint request
MobileTracker.mobileTracker(success: {(result) in
    // From here you can access any of the items in the object
    print(result.message);
}, failure: {(error) in
    print("mobileTracker Error: \(error.localizedDescription)");
})

Email Verification Lookup

// Insert any email you want to test below
MobileTracker.verifyEmail("INSERT_TEST_EMAIL@EXAMPLE.COM") { result in
    // From here you can access any of the items in the object
    print(result.message);
} failure: { error in
    print("emailValidation Error: \(error)");
}

IP Address Reputation Lookup

// You can get the IP address from the Mobile Fingerprint response
MobileTracker.verifyIPaddress("INSERT_TEST_IP_ADDRESS_HERE") { result in
    // From here you can access any of the items in the object
    print(result.message);
} failure: { error in
    print("verifyIPAddress Error: \(error)");
}

Phone Number Verification Lookup

// Insert any phone number to test below
MobileTracker.verifyPhone("INSERT_TEST_PHONE_NUMBER_HERE") { result in
    // From here you can access any of the items in the object
    print(result.message);
} failure: { error in
    print("verifyPhone Error: \(error)");
}

Advanced Options

Name	Description	Type	Example
customEndpoint	Sets a custom endpoint. When not set, remains null and directs to the default endpoint. This will not work if an endpoint is not configured with our Support team. Contact our Support team for inquiries on setting up a custom endpoint.	String	MobileTracker.customEndpoint = "YOUR_CUSTOM_ENDPOINT"
askLocationPermission	When set to false , IPQS will not collect the user's location regardless of permissions granted to the app. When set to true, IPQS will request to obtain the user's location and collect it if the permission is granted. This variable is set to false by default.	Bool	If not already managing location permissions, you will need to add a usage description in your info.plist file. Add a new line with the key NSLocationWhenInUseUsageDescription. Set the type to string , and add a description for why your app needs access the user's location. <key>NSLocationWhenInUseUsageDescription</key> <string>Your reasoning for using location</string> In your app, set the configuration option with: MobileTracker.askLocationPermission = true
askLocalNetworkPermission	When set to false, IPQS will not collect information on the local network, which will affect the quality of the Score in some cases. When set to true, IPQS will ask the user for local network devices permission. This variable is set to false by default.	Bool	MobileTracker.askLocalNetworkPermission = true
checkClipboard	When set to false, IPQS will not paste from the user's clipboard, which may affect the detection of some fraudulent behaviors. When set to true, IPQS will check the user's clipboard as soon as the mobileTracker function is invoked, which will cause iOS to show a toast message at the top of the screen, informing the user of the event.	Bool	MobileTracker.checkClipboard = true
captureAdvertisingID	When set to false, IPQS will not attempt to capture the device's advertising ID. When set to true, IPQS will request permission to access the device's advertising ID and collect it if permission is granted.	Bool	Requires the device to have Allow Apps to Request to Track enabled. In Settings > Privacy > Tracking, set Allow Apps to Request to Track to True. You will need to add a usage description in your info.plist file. Add a new line with the key NSUserTrackingUsageDescription. Set the type to string , and add a description for why your app needs access the device's advertising ID. <key>NSUserTrackingUsageDescription</key> <string>Your reasoning for using location</string> In your app, set the configuration option with: MobileTracker.captureAdvertisingID = true

Retrieve Results

Note: Before using either of these methods, make sure your initial API request passed a valid userID value (or any variable of your choice) using the addCustomVariable function. The variable name must be set on your custom tracking variables.

Postback Example to Retrieve Latest Request by UserID

This method uses the Postback API to retrieve requests by userID. Replace XX with the specific user ID you want to retrieve requests for.

Retrieve multiple requests with the Request List API

This method uses the Request List API to retrieve requests by userID. Replace XX with the specific user ID you want to retrieve requests for.

Result Methods

Our SDK offers various result methods and functions to enhance your experience and help prevent fraudulent activity.

Field	Description	Type
message	Get the response message string for this request. This usually returns "Success" but can include administrator-level information on why a request failed.	String
success	A boolean containing the request's success or failure status. "True" on success, "false" on failure.	Boolean
request_id	The unique ID associated with this request. Helpful for debugging and postbacks.	String
fraud_score	Number 0 - 100 describing how likely this device is to commit fraud. 0 being not at all, 100 being definitively fraudulent. We suggest blocking users greater than 85.	Float
country_code	A two-character country code based on this user's IP address.	String
region	A string describing the region this user's IP is from.	String
city	A string describing the city this user's IP is from.	String
ISP	A string describing the ISP this user's IP belongs to.	String
organization	A string describing the Organization to which this user's IP belongs.	String
ASN	The ASN assigned to the ISP to which this user's IP belongs.	Integer
latitude	The latitude where this user's IP is located.	Float
longitude	The longitude where this user's IP is located.	Float
is_crawler	Returns "true" if this user's IP is from any of the following search engine crawlers: Baidu, Google, Bing, Yahoo, Yandex, Sogou, Exabot, DuckDuckGo, Facebook, Twitter, Pinterest, Naver, UptimeRobot, AppleBot, ArchiveBot, CoccocBot, YisouBot, PetalBot, ByteDance, and MailRU.	Boolean
timezone	Returns the timezone this user's IP is from.	String
host	Returns the hostname of this user's IP address.	String
proxy	Returns "true" if this user's IP is a known proxy.	Boolean
vpn	Returns "true" if this user's IP is a known VPN.	Boolean
tor	Returns "true" if this user's IP is a known or suspected TOR node.	Boolean
recent_abuse	Returns "true" if this user's IP has been reported for being abusive recently or if this device has been seen performing abusive actions.	Boolean
bot_status	Returns "true" if this user's IP has been reported for botting or if this device has been seen performing bot-like actions.	Boolean
connection_type	Classification of the IP address connection type as "Residential", "Corporate", "Education", "Mobile", or "Data Center".	String
device_suspicious	Returns "true" if this device has suspicious properties or has been seen performing suspicious activities recently.	Boolean
device_emulated	Returns "true" if this device has been emulated or appears to have been emulated.	Boolean
device_id	A unique identifier for this device.	String

Troubleshooting

Error Code	Description	Solution
REWSC-404	The API key is missing or invalid.	Confirm you have set up the API key correctly and that the API key is correct.

Ready to eliminate fraud?

Start fighting fraud now with 1,000 Free Lookups!

We're happy to answer any questions or concerns.

Chat with our fraud detection experts any day of the week.

Call us at: (800) 713-2618

Schedule a Demo Sign Up