I'd like to implement a system that allows recognizing a user even after the app's cache and data have been cleared from the system settings, as X (Twitter) appears to do.
However, I can't figure out how this is possible.
In my case, I don't use any external login (no Google, Facebook, Apple, etc.), but I've noticed that the app still recognizes the user even after a complete data clearing, without requesting credentials again.
So I'm wondering:
- Where could the user's login or identification information be stored?
- Are there any Android memory areas or services (such as backup, device ID, or external storage) that can keep the session active?
- How could I implement a similar solution in a React Native app?
I was wondering if it uses Settings.Secure.ANDROID_ID as a unique device signature, and when opening an app, it sends a request to the server, checks its database, and allows access.
Do you think it can do this? Is this a secure method?
ANDROID_ID will stay the same. Therefore it might be used for identifying the device. Using it as a token credential isn't the best idea, as it is only 64 bits and thus a bit small for a token. Normally tokens have a size of at least 128 bits.
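
The distinction drawn in the answer above, as an added example that is not part of the original posts: a server-side sketch in which ANDROID_ID is used only to recognize a device, while a separate random token is the credential. The in-memory stores, function names and sample account are hypothetical, and it assumes a Node.js backend.

```javascript
// Added example: hypothetical server-side session logic with in-memory stores.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;
const sessions = new Map();      // token -> { userId, deviceId }
const knownDevices = new Map();  // deviceId -> userId last seen on that device
// Constructed sample account. Plaintext only to keep the example short;
// a real server verifies a salted password hash instead.
const users = new Map([["alice", "correct horse"]]);

// 256-bit random token from the platform CSPRNG, hex encoded (64 characters).
function newToken() {
  const bytes = rng.getRandomValues(new Uint8Array(32));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Credentials are the only way to obtain a session token.
function login(userId, password, deviceId) {
  if (!users.has(userId) || users.get(userId) !== password) return null;
  const token = newToken();
  sessions.set(token, { userId, deviceId });
  knownDevices.set(deviceId, userId); // remember the device as an identifier only
  return token;
}

// The token authenticates; the device ID must match the one it was issued to.
function resume(token, deviceId) {
  const s = sessions.get(token);
  return s && s.deviceId === deviceId ? s.userId : null;
}

// After app data is cleared the client has no token left, only ANDROID_ID.
// The server can recognize the device, but that never yields a session.
function recognize(deviceId) {
  const userId = knownDevices.get(deviceId);
  return userId
    ? { known: true, userHint: userId, authenticated: false }
    : { known: false, userHint: null, authenticated: false };
}
```

With this split, a client that presents only the device ID gets at most a hint (for example a prefilled username) and still has to log in to receive a new token.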