Android Unique Device ID: History and Updates

  • Tracking app installs for Marketing Department
  • Identify signed-out users in our Server’s Database without a Signup
  • Identify same users who are using different devices
  • Identify multiple users who are using same device
  • Detecting Fraud in one-time use cases

List of all Identifiers in Android

Let’s look at all identifiers that are unique and discuss the uniqueness of them and see whether we can use them based on the Android OS version or User’s Permission or other conditions or not. Here is the list of identifiers suggested by the Android Official document and also by developers in the community:

  • Secure ANDROID_ID (SSAID)
  • TelephonyManager IMEI
  • Device SerialNumber
  • Wi-Fi MAC address
  • Google Play advertising ID
  • Firebase Installation Id

Secure ANDROID_ID (SSAID)

As Google document says, it is a 64-bit number (expressed as a hexadecimal string) and was randomly generated when the user sets up the device for the first time and remains constant for the lifetime of the user’s device. Also, the value would only change if a factory reset is performed by the user. On devices that have multiple users value of this id is unique to each user. So it’s only scoped by user and device.

  • ANDROID_ID doesn’t need any permission in all Android OS versions.
  • Note that in all Android Versions, the value of ANDROID_ID does not change on package uninstall or reinstall.
  • If you change the sign key of your app, then you would get a new ANDROID_ID in Android 8 and above.
  • If your user update the OS from Android <8 to an Android 8 or above, your user will have a new ANDROID_ID.
  • Based on a blog post in Google, ANDROID_ID is only reliable for devices of manufacturers shipping with Google Play services and Advertising ID and Other device manufacturers may provide an alternative resettable or even a constant id for all device in old Android Versions.
  • ANDROID_ID can be easily changed on a rooted phone.

TelephonyManager IMEI

In the old days of Android development, there was a reliable way to get a unique id for users. This approaches only included the devices that had a SIM inside and it wouldn’t work for Tablets that had no SIM but it covers many Android users. Its implementation was different in the Android version. In a device with an Android OS version lower than Android 8 (API level 26), you should use getDeviceId() and in the newer versions, you should use getImei() from TelephonyManager API. Here was the implementation:

Device SerialNumber

Getting device serial number is the exact same as getting device IMEI which was discussed in the previous section So I skip it here. all the new requirements for getting IMEI are also the same for device serial number too since it’s in TelephonyManager API getSimSerialNumber().

Wi-Fi MAC address

Don’t work with MAC addresses. Google says you shouldn’t use non-resettable identifiers at all. MAC addresses were used to be globally unique in Android devices and they were supposed to survive from factory resets. For protecting users, Google changed MAC addresses access on Android 6 (API level 23) and higher, So the access to MAC addresses is restricted to system apps and third-party apps can’t access them anymore. So this famous block of code won’t work for new Android devices anymore.

Google Play Advertising ID

If you want to track a user (in case of advertising or detect if your marketing strategy is successful) based on their behavior across different apps or sessions on the same device, here is what you are looking for. It’s part of the Google Play service and it means that it only works with devices with Play Service (As you probably know, right now in 2021, we have some devices including Huawei devices that don’t have Play service installed). Let’s see what it is.

dependencies {
....
implementation "com.google.android.gms:play-services-ads-lite:${playServiceVersion}"
}
38400000-8cf0-11bd-b23e-10b96e40000d

Firebase Installation Id

Firebase Installation Id is an app instance identifier and its a replacement for Firebase Instance ID which is now deprecated. This id provides a unique identifier for each app install and a mechanism to authenticate and authorize actions (example: sending FCM messages). FID is stable except when:

  • App deletes Instance ID programmatically
  • User uninstalls the app
  • User clears app data or cache
  • FID deletion is triggered in the backend due to app inactivity (currently the threshold for this is 270 days of inactivity).
implementation 'com.google.firebase:firebase-installations:17.0.0'
var uniqueID = UUID.randomUUID().toString()

Conclusion

Tracking Android devices are not an easy thing, and besides the technical challenges, it has a lot of privacy concerns that you should consider. It’s better to find a solution based on the Scope, Resettability, and Uniqueness of the ID generation for your use cases. Also, you can go for a pseudo Id solution that helps you make a better id for your application by combining all these approaches.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store