ANDROID_ID is often suggested as a unique identifier for Android devices. It's described as a "A 64-bit number (as a hex string) that is randomly generated when the user first sets up the device and should remain constant for the lifetime of the user's device. The value may change if a factory reset is performed on the device." (see: http://developer.android.com/reference/android/provider/Settings.Secure.html )
But I've seen some accounts on the web that the generation of the ANDROID_ID may be somehow related to or dependent on access to Google account information. For example here https://groups.google.com/forum/#!topic/android-developers/Rn15F7Ku4GM and here: https://groups.google.com/forum/#!msg/android-developers/y8nUytSKf7c/9kKLPjDrrEIJ.
The Android devices we ship with our products are unboxed and get their software installed in a secure environment without internet access - wifi yes, but no internet- and many of our customers are also high-security sites which also block outside access. Our Android devices are not associated with any sort of Google account. Does ANDROID_ID have any dependencies on internet access, Google accounts or Google Play?
The AOSP source code states in a comment:
A 64-bit number (as a hex string) that is randomly generated on the device's first boot and should remain constant for the lifetime of the device. (The value may change if a factory reset is performed on the device.)
This explicitly refers to first boot, not to first internet interaction etc. (The text you plucked from the docs is less clear, stating "when the user first sets up the device").
Related
I have an application in which I want to identify the device with Unique ID,
I have tried multiple solutions but doing after phone reset unique ID gets changed(like ANDROID_ID)
I have used below StackOverflow links which are not usable now.
Is there a unique Android device ID?,
How to get unique device numer in Android?,
Get Unique ID of Android Device?,
How to get unique device hardware id in Android?,
Get unique device ID in android
Android Q has restricted access for IMEI and serial number. It is available only for platforms and apps with special carrier permission. Also, permission READ_PRIVILEGED_PHONE_STATE is not available for non-platform apps.
Many people may mark this as duplicate but please note that
I am looking for a unique id that will last for a device. (which will not change even after resetting/formating the device)
It's not possible in latest Android versions by design to prevent apps from tracking devices due to privacy reasons. Especially if you want to track after a device factory reset as mentioned.
See Best Practices Guide
Recommendation is to use Advertising ID and not associate it with any hardware identifiers. You may identify the user account, but not the device itself. This allows the user to change the user account if they deem necessary or uninstall/reinstall the app at worst.
Play Store policy notes
Association with personally-identifiable information or other identifiers. The advertising identifier must not be connected to personally-identifiable information or associated with any persistent device identifier (for example: SSID, MAC address, IMEI, etc.) without explicit consent of the user.
Now, you may track a device as long as
you don't distribute your app via the play store (i.e sideloading, but you do risk getting booted if Play Protect on device may notice you. I can't remember the default setting, but if the device has play services, it may scan sideloaded apps and remove them if it finds malicious behavior.)
Use hardware identifiers on older versions of Android, (still subject to Play Protect, and also Play Store if you distribute through there) or force users to use a custom ROM
I am new to Android Development so i do not have much knowledge about the Android Unique Ids and whether Play Store will accept my app or ask for me to include any PP. Purpose of using this is to identifier that which user is interested in the promotions that i will provide in my App (For this purpose I have my own view similar to Admob banner).
Please let me know that how i can achieve this.
I use Settings.Secure.ANDROID_ID
A 64-bit number (as a hex string) that is randomly generated when the user first sets up the device and should remain constant for the lifetime of the user's device. The value may change if a factory reset is performed on the device.
android.provider.Settings.Secure.getString(
context.getContentResolver(), Settings.Secure.ANDROID_ID);
It gets reset if user performs factory reset of device.
I'm developing an application using Adobe Flash (AS3) which runs mainly on tablets.
I would like users to pay. So they have to activate their application.
To do this I thought about providing an activation Code that is built using a univoque Device Identifier (UDID)
So, the customer provides me his UDID and I return the activation code which works only on his device.
My problem is (I searched everywhere)... how can I obtain an UDID using AS3?
Or also, do you suggest a different approch to reach my goal?
Thank you very much!
Daniele
There is no single correct solution to what you are asking , It depends entirely on your needs and kind of app you are publishing.
createUID() function in mx.utils package Generates a UID (unique
identifier) based on ActionScript's pseudo-random number generator and
the current time.
But that may not help you as this ID is not machine dependent , user can simply publish his UID and your authentication key . User may need to install the app in other of his devices, user may accidentally delete the file which will delete the originally generated UID too.
A 64-bit number (as a hex string) is randomly generated when the user first sets up the device and remains constant for the lifetime of the user's device. The value may change if a factory reset is performed on the device.This is accessible using java by constant ANDROID_ID there is no library in ActionScript-3 to access this . But you can use this ane to get it.
Or You can use a sign in from facebook using this ane or google+ and use the customers unique id from there , but it would require him to give your app permissions to view some basic information.
What's the purpose of Android Development device id, under Developer Options on ICS? I've googled and found nothing.
The device id is yet another manner that your apps can be linked to your phone. Most apps are linked to your account, but some, particularly those that you could not pay for via market, used device id so that you could not buy an app and then install it on several devices.
It used to be hidden only, and maybe after the final is out, it will be hidden again.
for more information -
http://androidforums.com/motorola-droid-bionic/584694-ics-development-device-id.html
May be this will help you......
Every device has an android device ID, the only (user) way to reset this ID is to use android's reset to factory defaults options - so this ID should remain constant unless a phone is sold/transfers ownership etc. The ID should be unique across all devices across all time.
These properties make it a very useful thing to store licences/security against.
Is it "safe" to install Android Device Administration applications on my personal device?
Can my company read my private data with that application?
My company recently adopted a policy to install an enterprise application on each employee's smartphone. The application should be installed from 3rd party market that is operated by the comapny, and requires Device Administration privilege.
Even though the application does not require 'root' privilege, and Device Administration API is not related to reading data inside the phone, I'm still not sure that my personal data is safe to my company.
FYI, the API includes changing password, wipe out data, disable camera, and so on.
(link)
As you have mentioned yourself Device Administration API does not relate to phone data per se. The permissions given with this permission are as follows:
USES_ENCRYPTED_STORAGE A type of policy that this device admin can use: require encryption of stored data.
USES_POLICY_DISABLE_CAMERA A type of policy that this device admin can use: disables use of all device cameras.
USES_POLICY_EXPIRE_PASSWORD A type of policy that this device admin can use: force the user to change their password after an administrator-defined time limit.
USES_POLICY_FORCE_LOCK A type of policy that this device admin can use: able to force the device to lock vialockNow() or limit the maximum lock timeout for the device via setMaximumTimeToLock(ComponentName, long).
USES_POLICY_LIMIT_PASSWORD A type of policy that this device admin can use: limit the passwords that the user can select, via setPasswordQuality(ComponentName, int) and setPasswordMinimumLength(ComponentName, int).
USES_POLICY_RESET_PASSWORD A type of policy that this device admin can use: able to reset the user's password via resetPassword(String, int).
USES_POLICY_WATCH_LOGIN A type of policy that this device admin can use: able to watch login attempts from the user, via ACTION_PASSWORD_FAILED, ACTION_PASSWORD_SUCCEEDED, and getCurrentFailedPasswordAttempts().
USES_POLICY_WIPE_DATA - A type of policy that this device admin can use: able to factory reset the device, erasing all of the user's data, via wipeData(int).
The one's which would probably relate explicitly to "privacy" would probably be the ability to monitor, how many failed password attempts has been made, when correct password has been entered and minimum safe password. Other than that it does not make it any more privacy worrying than any other app.
That being said, this in no way makes this app "safe" to install. Some permissions you should be checking would be all the READ_ permissions. http://developer.android.com/reference/android/Manifest.permission.html .
These will give the app direct access to alot of personal information, such as when calls are made who it is made to, what sms's your receive and send. Also READ_EXTERNAL_STORAGE is another big one. It allows apps to read ANY data on external storage which may often contain personal data, i.e. Downloaded images, Screenshots etc, as well as even App data of poorly coded apps (where there are MANY on the market which just leave credentials in clear text on your SDCard).
The RECEIVE_ permissions likewise are able to intercept incoming messages/calls/mms etc.
USE_CREDENTIALS is obviously a privacy risk as well, as it can use tokens that you possess to request data from external API sources (i.e. your Gmail)
Also there are many permissions which don't even need permissions. For example getPackageManager() allows apps to find out a entire list of app the apps you've got downloaded. So they know that you have angry birds or any other naughty apps installed ;)
What I'm trying to say is, this permission itself isn't a massive red light on privacy. But the fact they are installing an App (unless open sourced and MD5 verified) there are many other ways to access "private" information already. Not installing an app will always provide more protection than installing one. Hope that helps.