Device Intelligence
Device intelligence collects and analyzes device characteristics to identify fraud, detect suspicious behavior, and prevent application abuse.
How Device Intelligence Works
┌─────────────────────────────────────────────────────────┐
│ USER'S DEVICE │
│ Browser, OS, Hardware, Network, Location │
└─────────────────────────┬───────────────────────────────┘
│
v
┌─────────────────────────────────────────────────────────┐
│ DEVICE FINGERPRINTING │
│ Collect 100+ signals to create unique identifier │
└─────────────────────────┬───────────────────────────────┘
│
v
┌─────────────────────────────────────────────────────────┐
│ FRAUD DATABASE │
│ Check against known fraudulent devices │
└─────────────────────────┬───────────────────────────────┘
│
v
┌─────────────────────────────────────────────────────────┐
│ RISK ASSESSMENT │
│ Calculate device risk score (0-100) │
└─────────────────────────────────────────────────────────┘
Collecting Device Data
Device data is submitted server-side via the REST API. Collect the relevant device signals (IP address, user agent, etc.) from your application and submit them to the analyze endpoint.
API Submission
curl -X POST https://api.bytrustgate.com/api/v1/device-intel/analyze \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"applicant_id": "550e8400-e29b-41d4-a716-446655440000",
"device_data": {
"fingerprint": "fp_abc123...",
"signals": {...}
}
}'
Mobile Integration
Coming soon: Native mobile SDKs for React Native, iOS, and Android are under development. For now, collect device data via the REST API:
curl -X POST https://api.bytrustgate.com/api/v1/device-intel/analyze \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"ip_address": "203.0.113.1", "user_agent": "Mozilla/5.0..."}'
Device Signals Collected
Browser Signals
| Signal | Description |
|---|---|
| User agent | Browser and version |
| Language | Browser language settings |
| Timezone | Local timezone |
| Screen resolution | Display dimensions |
| Color depth | Display color capability |
| Plugins | Browser plugins installed |
| Canvas fingerprint | Graphics rendering signature |
| WebGL fingerprint | 3D rendering signature |
| Audio fingerprint | Audio processing signature |
Network Signals
| Signal | Description |
|---|---|
| IP address | Connection IP |
| IP geolocation | Derived location |
| ISP | Internet service provider |
| Connection type | Wifi, cellular, etc. |
| VPN detection | VPN/proxy indicators |
| Tor detection | Tor network usage |
Device Signals
| Signal | Description |
|---|---|
| Operating system | OS type and version |
| Device type | Desktop, mobile, tablet |
| Device model | Specific device model |
| CPU cores | Processor information |
| Memory | Available RAM |
| Touch support | Touchscreen capability |
| Battery | Battery status (mobile) |
Device Risk Score
Get Device Analysis
curl -X GET "https://api.bytrustgate.com/api/v1/device-intel/check-ip/{ip_address}" \
-H "Authorization: Bearer YOUR_API_KEY"
Response
{
"device_id": "dev_789012",
"fingerprint": "fp_abc123def456",
"risk_score": 72,
"risk_level": "high",
"first_seen": "2025-01-15T10:00:00Z",
"application_count": 5,
"risk_factors": [
{
"factor": "multiple_applications",
"severity": "high",
"details": "5 applications from this device in 7 days"
},
{
"factor": "vpn_detected",
"severity": "medium",
"details": "Commercial VPN service detected"
},
{
"factor": "timezone_mismatch",
"severity": "medium",
"details": "Browser timezone doesn't match IP location"
}
],
"associations": {
"applicants": ["app_001", "app_002", "app_003", "app_004", "app_005"],
"ips": ["192.168.1.1", "10.0.0.1"],
"locations": ["New York, US", "London, UK"]
}
}
Risk Factors
High Risk Indicators
| Factor | Risk Contribution | Description |
|---|---|---|
device_previously_fraudulent | +40 | Device linked to confirmed fraud |
device_emulator | +35 | Virtual device detected |
device_rooted_jailbroken | +25 | Modified OS detected |
multiple_applications | +20 | Many apps from same device |
tor_network | +25 | Tor exit node detected |
Medium Risk Indicators
| Factor | Risk Contribution | Description |
|---|---|---|
vpn_detected | +15 | VPN or proxy in use |
datacenter_ip | +15 | IP from hosting provider |
timezone_mismatch | +10 | Timezone inconsistency |
browser_automation | +20 | Automation tools detected |
incognito_mode | +5 | Private browsing |
Low Risk Indicators
| Factor | Risk Contribution | Description |
|---|---|---|
new_device | +5 | First time seeing device |
unusual_browser | +5 | Uncommon browser |
outdated_browser | +5 | Old browser version |
Available Endpoints
| Method | Endpoint | Description |
|---|---|---|
POST | /api/v1/device-intel/analyze | Submit device data for analysis |
GET | /api/v1/device-intel/applicant/{applicant_id} | Get devices for an applicant |
GET | /api/v1/device-intel/session/{session_id} | Get device data for a session |
GET | /api/v1/device-intel | List device fingerprints |
GET | /api/v1/device-intel/stats | Get fraud detection statistics |
GET | /api/v1/device-intel/check-ip/{ip_address} | Quick IP reputation check |
Workflow Integration
Auto-Flag High-Risk Devices
curl -X POST https://api.bytrustgate.com/api/v1/workflows/rules \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"rule_id": "flag_risky_device",
"trigger": "device_analyzed",
"conditions": {
"all": [
{"field": "device_risk_score", "operator": "gte", "value": 70}
]
},
"actions": [
{
"type": "add_flag",
"flag": "high_risk_device"
},
{
"type": "create_case",
"case_type": "fraud",
"priority": "high"
}
]
}'
Privacy Considerations
- Device fingerprinting complies with GDPR when proper consent is obtained
- No PII is collected directly - only device characteristics
- Data retention follows your configured policies
- Users can request device data deletion
Next Steps
- Email Verification - Email risk assessment
- Phone Verification - Phone validation
- Risk Signals - All fraud signals