Device Fingerprinting

Introduction

Castle's client-side libraries aim to collect device information in order to determine uniqueness of devices. This allows Castle to reliably identify devices for future events, as well as monitor user interactions for anomalies.

The fingerprinting allows detection of, for example, a single device being used to access or register for multiple accounts. It also allows Castle to detect attempts to falsify device information, which is frequently a sign of malicious intent. It is also required for generating a risk score.

Data collection

The data collected by Castle's fingerprinting depends on the device being used. The reason for this variance is that different platforms expose different device properties. In general, the properties include things like screen resolutions, pixel density, video and audio capabilities, installed plugins, and any exposed hardware properties such as number of CPU cores.

Castle does not intentionally collect any sensitive or personal identifiable information, for instance no text strings are collected from the client.

Supported platforms

Fingerprinting is available for the browser (Castle.js) and for various mobile application development platforms, including native iOS, native Android, React Native, and Flutter.

Performance

We strive to make our fingerprinting extremely lightweight and performant.

Our mobile SDK's offer configurable batch-processing settings. The packaged SDK sizes are provided on GitHub.

The Castle.js minified JavaScript snippet for web environments is available exclusively as an NPM package.

Security

The fingerprinting data is represented by a variable called request token which is designed to be generated fresh before each server-side request to Castle's APIs. Tokens are meant to be used only once per server-side request and will expire after 120 seconds. If a request token generated for a specific device is copied and used for a different device, we apply spoof detection in order to detect such tampering.

Open source

Castle's mobile SDKs are open-source repositories on Castle's GitHub account. We welcome the creation of issues and pull requests from the community.


What’s Next
Did this page help you?