There is going to be a an application on the phone, which a student/personnel can't log out of. To log out you'd need authenticators existing in applications with the management, along with a log-out request that must be accepted first.
As for taking attendance itself, at the end of each lecture, a professor would share an OTP, or a qr that changes every 5 seconds and is also valid for that period. Even before, one can scan the QR code, there would be a biometric and a geolocation check. Once all of this is complete, the attendance metadata would be sent to a server hosted in-house, and presence will be acknowledged. The problem is in someways, this system is still not foolproof. And this is the place where I need help.
Not every phone has biometrics but even if it does, it provides little practical security value in this case. It's unlikely that someone will share their phone but in case they are inclined to do so, what will prevent them from enrolling a classmate as a guest user?
Posting/scanning QR/OTP codes and authenticating users is logistically inconvenient and time consuming for both teacher and students.
QR/OTP can be photographed and sent to classmates that are not present.
An easy and nearly foolproof circumvent is to simply setup an empty/spare phone that can be passed to a classmate to use for logging you in.
Last but not least, it may not be legal to *require* a battery draining app installed on student's phones.
Bottom line --- It's difficult if not almost impossible to implement strong security using only devices that others control.
