Device Fingerprint gives every device a stable identifier and a risk score — without relying on cookies, advertising IDs, or any user-visible prompt. The SDK runs passively in the background, collecting device signals and returning a deviceId, a riskScore, and the specific signals that contributed to the score.

Persistent device ID

Unlike advertising IDs or cookie-based identifiers, the OTPless device ID is engineered to survive events that normally reset tracking:
  • App reinstalls
  • Factory resets
  • OS updates
  • Advertising ID resets
This means you can recognise a returning device even when a user creates a new account, allowing you to correlate suspicious behaviour across sessions and identities.

Risk score

Every call to getDeviceIntelligence() returns a risk score from 0 to 100.
| Score range | Interpretation |
|---|---|
| 0–30 | Low risk — proceed normally |
| 31–70 | Elevated risk — consider step-up verification |
| 71–100 | High risk — block or require additional verification |
These thresholds are a starting point. Set your own cut-offs based on the sensitivity of the action being performed.

Risk signals

The risk score is derived from a set of device signals. Signals are returned server-side only — they are not included in the client response.
| Signal | What it indicates |
|---|---|
| VPN active | Traffic is routed through a VPN |
| Proxy detected | Device is behind a proxy |
| Emulator | Running on an emulated device, not physical hardware |
| Rooted / jailbroken | OS security model has been compromised |
| SIM absent | No SIM card present in the device |
| Cloned device | Device identity has been duplicated |
| Remote access tool | AnyDesk, TeamViewer, or similar tool is active |
| Tampered | App binary has been modified |

How to act on the score

Allow

Low score — no unusual signals. Continue the user’s session without interruption.

Step-up

Elevated score — require an additional verification factor before allowing a sensitive action.

Block

High score or critical signal (e.g. emulator, tampered) — deny the request and surface an appropriate error.
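
The allow / step-up / block policy above, written as a backend decision function. This is an added example, not OTPless code: the signal identifiers, the per-action threshold rows and the choice to block on a malformed score are assumptions, and only the default thresholds come from the table on this page.

```python
from dataclasses import dataclass

# Assumed identifiers for the page's "Emulator" and "Tampered" signals;
# map them to whatever names your backend actually receives.
CRITICAL_SIGNALS = frozenset({"emulator", "tampered"})

# (step_up_at, block_at) per action. "default" is the page's starting point;
# the tighter rows are constructed examples of per-action cut-offs.
THRESHOLDS = {
    "default": (31, 71),
    "signup": (31, 61),
    "fund_transfer": (21, 51),
}

@dataclass(frozen=True)
class Decision:
    outcome: str  # "allow" | "step_up" | "block"
    reason: str

def decide(risk_score, signals, action="default"):
    """Map a server-side device verdict to allow / step_up / block."""
    # Fail closed: a missing, non-integer or out-of-range score is never low risk.
    if (isinstance(risk_score, bool) or not isinstance(risk_score, int)
            or not 0 <= risk_score <= 100):
        return Decision("block", "invalid_score")
    # A critical signal blocks regardless of the numeric score.
    critical = sorted(CRITICAL_SIGNALS.intersection(signals or ()))
    if critical:
        return Decision("block", "critical_signal:" + ",".join(critical))
    step_up_at, block_at = THRESHOLDS.get(action, THRESHOLDS["default"])
    if risk_score >= block_at:
        return Decision("block", f"score>={block_at}")
    if risk_score >= step_up_at:
        return Decision("step_up", f"score>={step_up_at}")
    return Decision("allow", f"score<{step_up_at}")

if __name__ == "__main__":
    # Constructed sample verdicts: (riskScore, signals, action).
    samples = [(12, [], "default"), (45, ["vpn_active"], "fund_transfer"),
               (8, ["emulator"], "signup")]
    for score, signals, action in samples:
        print(action, score, signals, decide(score, signals, action))
```

Because signals reach only the backend, the critical-signal override has to run there; the client sees `deviceId` and `riskScore` alone.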

When to use it

  • Account creation — flag devices with high risk scores before an account is created
  • Login — identify repeat offenders across account resets
  • Transactions — add a device-level check before fund transfers or profile changes
  • Abuse prevention — detect emulators used in bulk account creation or credential stuffing

Platform support

| Platform | Status |
|---|---|
| Android | Available |
| iOS | Coming soon |
| Web | Coming soon |
| React Native | Coming soon |
| Flutter | Coming soon |
| Ionic | Coming soon |
Risk signals are served server-side only. Your backend receives the full signal set; the client response includes only deviceId and riskScore.

Integration

Native SDK for Android and iOS — passive, no login widget, no Pre-Built UI or Headless split.

Android SDK

Add Device Fingerprint to your Android app.