Getting different IDs for same device. Why? - android

I am getting different Android IDs for same device for 2 apps in spite of they are being signed with same keystore. This problem is occurring only in Android Oreo OS. Can anyone help me why there are 2 different Android IDS generated?
The method i am using for Android Id -
int deviceId = Settings.Secure.getString(pContext.getContentResolver(), Settings.Secure.ANDROID_ID)

Its behaving as intended. in Android 8.0, the value of ANDROID_ID is now scoped per app means ANDROID_ID is now unique for every app
Please Read about Android 8.0 Behavior Changes
For apps that were installed prior to an OTA to a version of Android 8.0 (API level 26) (API level 26), the value of ANDROID_ID remains the same unless uninstalled and then reinstalled after the OTA. To preserve values across uninstalls after OTA, developers can associate the old and new values by using Key/Value Backup.
For apps installed on a device running Android 8.0, the value of ANDROID_ID is now scoped per app signing key, as well as per user. The value of ANDROID_ID is unique for each combination of app-signing key, user, and device. As a result, apps with different signing keys running on the same device no longer see the same Android ID (even for the same user).

That is the expected behaviour on Oreo and above devices. Device Id is now unique for every app for each user.
Android official documentation:
For apps installed on a device running Android 8.0, the value of
ANDROID_ID is now scoped per app signing key, as well as per user. The
value of ANDROID_ID is unique for each combination of app-signing key,
user, and device. As a result, apps with different signing keys
running on the same device no longer see the same Android ID (even for
the same user).
Link: https://developer.android.com/about/versions/oreo/android-8.0-changes

Since Android 8, android_id is "unique to each combination of app-signing key, user, and device" so as to deny "developers the ability to track users across multiple applications". These unique IDs are stored in
/data/system/users//settings_ssaid.xml.
When android_id value init, the first time set the value?
Which case does the android_id value change?
As evident, android_id "is randomly generated when the user first sets up the device and should remain constant for the lifetime of the user's device" unless a factory reset is performed which clears all settings.
On Android 8+ the app specific android_id "value may change if a factory reset is performed on the device or if an APK signing key changes".
Keeping all in view it doesn't seem a good idea to build a device_id with android_id.

Related

What does "user" mean what they say ANDROID_D is unique to each combination of app-signing key, user, and device

From android documentation,
ANDROID_ID
On Android 8.0 (API level 26) and higher versions of the platform, a 64-bit number (expressed as a hexadecimal string), unique to each combination of app-signing key, user, and device.
Here what does "user" mean?
unique to each combination of app-signing key, user, and device https://developer.android.com/reference/android/provider/Settings.Secure#ANDROID_ID.
Later in the same docs:
On devices that have multiple users, each user appears as a completely separate device, so the ANDROID_ID value is unique to each user.
And following the link there:
Android now allows multiple user spaces on shareable devices such as tablets. Each user on a device has their own set of accounts, apps, system settings, files, and any other user-associated data

different Settings.Secure.ANDROID_ID for same device on Different machine apk

I am getting AndroidId using code String android_id = Settings.Secure.getString(MyApplication.getContext().getContentResolver(),
Settings.Secure.ANDROID_ID);
if i run this code on different machine then I am getting different android_id for same device. Why is it so?
Thanks in advance
See the Android 8.0 Behavior Changes and documentation of ANDROID_ID.
For apps installed on a device running Android 8.0, the value of ANDROID_ID is now scoped per app-signing key, as well as per user. The value of ANDROID_ID is unique for each combination of the app-signing key, user, and device. As a result, apps with different signing keys running on the same device no longer see the same Android ID (even for the same user).
I would strongly recomment to read this post https://developer.android.com/training/articles/user-data-ids
It is not good practice to get unique device Id.
If you still want to do it try
String android_id = Settings.Secure.getString(getApplicationContext().getContentResolver(),
Settings.Secure.ANDROID_ID);
also dont forget that it might be null
Assuming you are talking about debug builds, It may be because you have different debug (Default) keystore.

Android_ID in Android O

We use the below code to get a unique ID:
String id = Settings.Secure.getString(mContext.getContentResolver(),
Settings.Secure.ANDROID_ID);
In the Android O changes guide we can see the below points:
Android O makes the following privacy-related changes to the platform.
https://developer.android.com/preview/behavior-changes.html
The platform now handles identifiers differently.
Values of ANDROID_ID are now scoped per-app instead of per-user. The value of ANDROID_ID is unique for each combination of application package name, signature, user, and device. Two apps running on the same device no longer see the same Android ID, and so cannot correlate.
The value of ANDROID_ID does not change on package uninstall or reinstall, as long as the package name and signing key are the same.
The value of ANDROID_ID does not change if the package signing key changes due to an update.
For apps that were installed prior to the OTA, the value of ANDROID_ID remains the same unless uninstalled and then reinstalled.
If you wish to continue using Android ID for device-bound free trial protection, you can do so. Make sure that the package name and signature match.
For a simple, standard system to monetize apps, use Advertising ID. Advertising ID is a unique, user-resettable ID for advertising, provided by Google Play services.
My understanding of the above is that now the Android_ID going forward will be app bound rather than device bound. However I am confused about the below point:
For apps that were installed prior to the OTA, the value of ANDROID_ID remains the same unless uninstalled and then reinstalled.
If you wish to continue using Android ID for device-bound free trial protection, you can do so. Make sure that the package name and signature match.
1) What does this mean? Unless my app is reinstalled it will continue having the legacy android_id, even if we send an update?
2) If you wish to continue using Android ID for device-bound free trial protection, you can do so. Make sure that the package name and signature match.: what does this mean?
1) Imagine your app has the id abc when installed on an N device. Now when the device gets updated to O the device id returned to you will continue to be abc. However if the user uninstalls and reinstalls the app after upgrading to O, ANDROID_ID will change to some other value.
On the other hand if the app was installed on an O device and is then uninstalled and reinstalled the ANDROID_ID will remain the same.
2) It means that as long as the package name and signature remain the same the value of ANDROID_ID will remain the same. It will also remain the same if your app gets updated on an O device and the signature changes.
Essentially, android will now use the package name/ signature to generate the unique identifier on O.
The android documentation is not explicit about the ANDROID_ID values for applications with different package names but shared User ID value and signed with same key. The tests on Nexus 5, Android O Beta 3 show the value of Android ID for 2 applications is same in this case also.

Does UUID change when factory reset, in Phonegap android

I depends on device.uuid to control my users, Does UUID change when factory reset, in Phonegap android.
If you are talking about device UUID for android , its a random ID generated on first boot of the device. It will stay the same until OS upgrade or Factory Reset. So you can use that id as an unique identifier for the device from your app. This way users don't even need to sign in to your app. Just by opening itself you get a unique (almost) identifier, that you could use.
According to the docs:
A 64-bit number (as a hex string) that is randomly generated when the user first sets up the device and should remain constant for the lifetime of the user's device. The value may change if a factory reset is performed on the device.
Useful articles from android developers Identifying App Installations and Best Practices for Unique Identifiers.
Update with new information:
On Android 8.0 (API level 26) and higher versions of the platform, a 64-bit number (expressed as a hexadecimal string), unique to each combination of app-signing key, user, and device. Values of ANDROID_ID are scoped by signing key and user. The value may change if a factory reset is performed on the device or if an APK signing key changes. For more information about how the platform handles ANDROID_ID in Android 8.0 (API level 26) and higher, see Android 8.0 Behavior Changes.
Note: For apps that were installed prior to updating the device to a version of Android 8.0 (API level 26) or higher, the value of ANDROID_ID changes if the app is uninstalled and then reinstalled after the OTA. To preserve values across uninstalls after an OTA to Android 8.0 or higher, developers can use Key/Value Backup.
Old answer
device.uuid on android it gets the native android.provider.Settings.Secure.ANDROID_ID
According to the docs
A 64-bit number (as a hex string) that is randomly generated when the
user first sets up the device and should remain constant for the
lifetime of the user's device. The value may change if a factory reset
is performed on the device.
Note: When a device has multiple users (available on certain devices
running Android 4.2 or higher), each user appears as a completely
separate device, so the ANDROID_ID value is unique to each user.
So yes, if the user do a factory reset the value may change.

Does android device id changes on android version update?

i want to know does the android device id change when the android version is update to latest. If it changes, how can i get notified about the version change.
This may no longer be a correct answer. The following from https://android-developers.googleblog.com/2017/04/changes-to-device-identifiers-in.html
Android ID
In O, Android ID (Settings.Secure.ANDROID_ID or SSAID) has a different value for each app and each user on the device. Developers requiring a device-scoped identifier, should instead use a resettable identifier, such as Advertising ID, giving users more control. Advertising ID also provides a user-facing setting to limit ad tracking.
Additionally in Android O:
The ANDROID_ID value won't change on package uninstall/reinstall, as long as the package name and signing key are the same. Apps can rely on this value to maintain state across reinstalls.
If an app was installed on a device running an earlier version of Android, the Android ID remains the same when the device is updated to Android O, unless the app is uninstalled and reinstalled.
The Android ID value only changes if the device is factory reset or if the signing key rotates between uninstall and reinstall events.
This change is only required for device manufacturers shipping with Google Play services and Advertising ID. Other device manufacturers may provide an alternative resettable ID or continue to provide ANDROID ID.
Device ID is a 64-bit number (as a hexadecimal string) that is randomly generated on the device’s first boot and should remain constant for the lifetime of the device, though the value may change if a factory reset is performed on the device.
The device ID does not change when the Android version is updated to the latest version. If you want to change your device ID then visit here.
Yes it changes,
I found that device ID changed in my case. In my app each device is connected with my database for certain special tasks, varies device by device and I uniquely identify each device by Settings.Secure.ANDROID_ID which gives me device unique ID.
But I found that that it changed on one of Samsung android device and disconnected from Database Server.

Categories

Resources