10

I'm developing an android application and I'm going to use the LVL library to check google play licence.

After reading the LVL documentation, I've read that I have to obtain the android.Settings.Secure.ANDROID_ID to obfuscate the google play responses.

But I've also read that the ANDROID_ID obtained from TelephonyManager is sometimes the same for different devices.

First, it is not 100% reliable on releases of Android prior to 2.2 (“Froyo”). Also, there has been at least one widely-observed bug in a popular handset from a major manufacturer, where every instance has the same ANDROID_ID

Is that true?

Thanks

Seraphim's
  • 11,736
  • 17
  • 80
  • 126
Eduardo
  • 1,079
  • 4
  • 21
  • 49

3 Answers3

14

Consider my case:

Same serial number on several android devices. Adb is useless. How can I change the serial number?

So I did'nt solved the problem with the ADB but to identify an Android device I use this code (use getDeviceId(context)):

public static String getDeviceId(Context context) {
    String id = getUniqueID(context);
    if (id == null)
        id = Settings.Secure.getString(context.getContentResolver(), Settings.Secure.ANDROID_ID);
    return id;
}

private static String getUniqueID(Context context) {

    String telephonyDeviceId = "NoTelephonyId";
    String androidDeviceId = "NoAndroidId";

    // get telephony id
    try {
        final TelephonyManager tm = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE);
        telephonyDeviceId = tm.getDeviceId();
        if (telephonyDeviceId == null) {
            telephonyDeviceId = "NoTelephonyId";
        }
    } catch (Exception e) {
    }

    // get internal android device id
    try {
        androidDeviceId = android.provider.Settings.Secure.getString(context.getContentResolver(),
                android.provider.Settings.Secure.ANDROID_ID);
        if (androidDeviceId == null) {
            androidDeviceId = "NoAndroidId";
        }
    } catch (Exception e) {

    }

    // build up the uuid
    try {
        String id = getStringIntegerHexBlocks(androidDeviceId.hashCode())
                + "-"
                + getStringIntegerHexBlocks(telephonyDeviceId.hashCode());

        return id;
    } catch (Exception e) {
        return "0000-0000-1111-1111";
    }
}

public static String getStringIntegerHexBlocks(int value) {
    String result = "";
    String string = Integer.toHexString(value);

    int remain = 8 - string.length();
    char[] chars = new char[remain];
    Arrays.fill(chars, '0');
    string = new String(chars) + string;

    int count = 0;
    for (int i = string.length() - 1; i >= 0; i--) {
        count++;
        result = string.substring(i, i + 1) + result;
        if (count == 4) {
            result = "-" + result;
            count = 0;
        }
    }

    if (result.startsWith("-")) {
        result = result.substring(1, result.length());
    }

    return result;
}

I use it to identify a specific app installation when calling my web services. As you can see I try different approches, based also on TelephonyManager and ANDROID_ID.

What I get is a string like xxxx-xxxx-xxxx-xxxx where x is an hex character.

I bought a lot of low cost China tablets and all of these have the same DEVICE_ID and the same serial number !! So my solution. It's working well for now.

Community
  • 1
  • 1
Seraphim's
  • 11,736
  • 17
  • 80
  • 126
  • You say you track unique app installations. Wouldnt it be easier just to save some generatad string to shared preferences, if one is not saved already, and use it? I mean like use a boolean idGenerated, when first time generating put it to true, and if it is true then get the id from sharedpreferences, this way you would have a unique installation id for each installation. – lxknvlk Dec 03 '15 at 16:20
  • 1
    @lxknvlk I need the same id if I uninstall app and reinstall it. – Seraphim's Dec 03 '15 at 16:24
3

Considering that your quoted passage comes from Google itself, yes, it's true.

CommonsWare
  • 910,778
  • 176
  • 2,215
  • 2,253
  • Presumably since both the concern and the request to use it are coming from Google, the fact that it might not be unique is ultimately disadvantageous (ie, more prone to spoofing/snooping) but hopefully not something that makes the algorithm fail. – Chris Stratton Jun 11 '13 at 14:25
  • So for developing licence check it doesn't matter that ANDROID_ID is not unique, does it? – Eduardo Jun 11 '13 at 14:34
  • @Eduardo: I have never used LVL, so I cannot answer that. I am merely addressing your "Is it true?" question. – CommonsWare Jun 11 '13 at 14:36
  • 2
    Considering my own rating of worst vendors (IMO, no offence here) I'd bet on Samsung. – Den Drobiazko Jun 18 '15 at 12:32
  • 1
    @MatiasElorriaga Its Motorola. [Source](https://groups.google.com/forum/#!topic/android-developers/U4mOUI-rRPY) – Shaishav Nov 14 '16 at 12:55
0
//Fields
String myID;
int myversion = 0;


myversion = Integer.valueOf(android.os.Build.VERSION.SDK);
if (myversion < 23) {
        TelephonyManager mngr = (TelephonyManager) 
getSystemService(Context.TELEPHONY_SERVICE);
        myID= mngr.getDeviceId();
    }
    else
    {
        myID = 
Settings.Secure.getString(getApplicationContext().getContentResolver(), 
Settings.Secure.ANDROID_ID);
    }

Secure.ANDROID_ID is unique for each device.

boraberka
  • 1