Login/Register
Android ID as an alternative to Device ID
Asked Answered
Solved androidandroid-6.0-marshmallowruntime-permissions
E

1

8

My apps have always used DeviceId as a unique identifier and this, of course, requires READ_PHONE_STATE as a permission. That has been ok in the past but now I have migrated to Marshmellow 23 where asking for this permission displays a very scary dialog at run time saying...

"Allow {my app} to make and manage phone calls?"

That's a pretty hideous message for an app that just wants to get deviceId.

I'm thinking of switching over to Android ID as it doesn't require any permission.

String androidId = Settings.Secure.getString(getContentResolver(), Settings.Secure.ANDROID_ID);

Googling around I see there have been some problems using android ID but it's all old stuff. Back in Froyo days there was a phone vendor that produced the same ID for all of their phones but that's about all I have seen.

Is anyone aware of any problems using Android ID? Thanks, Dean

Erroneous answered 20/8, 2016 at 23:27 Comment(0)
K
6

What unique identifier you choose to use depends heavily on what specific use case you need the identifier for. The Best Practices for Unique Identifiers training goes through many common use cases and which identifier to use. They do have a number of tenents of working with Android Identifiers:

1: Avoid using hardware identifiers. Hardware identifiers such as SSAID (Android ID) and IMEI can be avoided in most use-cases without limiting required functionality.

2: Only use Advertising ID for user profiling or ads use-cases. When using an Advertising ID, always respect the Limit Ad Tracking flag, ensure the identifier cannot be connected to personally identifiable information (PII) and avoid bridging Advertising ID resets.

3: Use an Instance ID or a privately stored GUID whenever possible for all other use-cases except payment fraud prevention and telephony. For the vast majority of non-ads use-cases, an instance ID or GUID should be sufficient.

4: Use APIs that are appropriate to your use-case to minimize privacy risk. Use the DRM API API for high value content protection and the SafetyNet API for abuse prevention. The Safetynet API is the easiest way to determine whether a device is genuine without incurring privacy risk.

In the vast majority of cases, Android ID is still not the right thing to use.

Kleist answered 20/8, 2016 at 23:35 Comment(2)
I think IMEI is the only thing to prevent users for re-installing trial software but in my case a UUID will do the trick. Thanks for the answer.Erroneous
@Kleist I have one doubt , please help me on that, How to get the unique ID of the user which can not change even wipe out data from the device, I heard about the "Advertisement ID", is it solve my problem, Please help me on it. ThanksSunbeam

© 2022 - 2024 — McMap. All rights reserved.