If I use phone A's number to verify an app'X' on phone B. And then install app'X' on phone A and verify the app with its number, Then I have verified two handsets with same mobile number. How can I detect this on the server and restrict such operation ? This can usually happen when the user owns both the handset/phones.
you can get the IMEI Number of both phones by this code :
TelephonyManager telephonyManager = (TelephonyManager)getSystemService(Context.TELEPHONY_SERVICE);
String IMEI = telephonyManager.getDeviceId();
and check that the IMEI Number is differ for both phones because IMEI number is unique for every device.
And you should add the following permission into your Manifest.xml file:
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>