Unique Android Device ID after MarshMallow warning "get device identifiers is not recommended"?

Question

I saw one of my best question Is there a unique Android device ID?

Edited:

I need a solution for Android 10 too.

I used some following code to get Unique Id.

public static String getDeviceId(Activity context) {

    PermissionsChecker checker = new PermissionsChecker(context);

    if (checker.lacksPermissions(Manifest.permission.READ_PHONE_STATE))
        PermissionsActivity.startActivityForResult(context, 0, REQUIRED_PERMISSION);
    else {
        TelephonyManager tm = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE);

        final String tmDevice = tm.getDeviceId();
        final String androidId = Settings.Secure.getString(context.getContentResolver(), Settings.Secure.ANDROID_ID);

        UUID deviceUuid = new UUID(androidId.hashCode(), ((long) tmDevice.hashCode() << 32));

        return deviceUuid.toString();
    }
    return null;
}

But I am getting some warning on hover on

tm.getDeviceId();

and

Settings.Secure.getString(context.getContentResolver(), Settings.Secure.ANDROID_ID); as following:

Using getString to get device identifiers is not recommended.

Using device identifiers is not recommended other than for high value fraud prevention and advanced telephony use-cases. For advertising use-cases, use AdvertisingIdClient$Info#getId and for analytics, use InstanceId#getId.

Is there any solution? Is it harmful or anything else?

You can use IMEI number as unique identifier. And this is just warning as now a days hacker root phones and change the device id . — rushank shah, Oct 27 '16 at 11:26
as per my exp...it is always best to generate unique server key rather than depending on app (if you are using it) — H Raval, Oct 27 '16 at 11:43
look at here , may help you : https://developer.android.com/training/articles/user-data-ids.html#version_specific_details_identifiers_in_m — Saeid, Jan 01 '17 at 19:57
As I know, ANDROID_ID will changed after formatted & factory reset — nani, Jan 02 '17 at 07:32
@rushankshah IMEI no will not work for Tables which don't have sim cards. — Pratik Butani, Mar 16 '20 at 13:25
@PratikButani IMEI will also not work from android 10 and above. Alternatively you can check official doc for unique identifier `https://developer.android.com/training/articles/user-data-ids` — rushank shah, Mar 16 '20 at 17:44

score 1 · Answer 1 · answered Mar 16 '20 at 13:21

The very easy answer is if you need to uniquily identify each user of your app create a random id at first use.

    UUID.randomUUID().toString()

You can save it in SharedPreferences and the easy work is done. No permissions needed

The problem is that it wont help you if user unninstall and reinstall the app.

One easy trick that is possible to do until android 10 (and wont be possible anymore on android 11 according to google) is save it in a hidden file in the external storage...

then on first use of app you look for such file, if it exists read the UUID, case not generate a new one and save the file.

The problem with this strategy is YOU NEED WRITE_EXTERNAL_STORAGE PERMISSION

in case this isnt a problem simple do...

new File(Environment.getExternalStorageDirectory().getAbsolutePath() + File.separator + ".my_hidden_folder").mkdir();

Any file saved inside this folder will be hidden to user, wont be removed on unninstall of your app

I personally use

Settings.Secure.getString(getContentResolver(), Settings.Secure.ANDROID_ID);

This isn't harmful is just that google dont like you doing it

score 1 · Answer 2 · answered Mar 22 '20 at 01:42

It's the limitation added in Andorid Q that getDeviceId will work for only system Apps.If you try to use this it will throw exception

SecurityException: getDeviceId: The user 10196 does not meet the requirements to access device identifiers.

You can read more Andorid Q Changes from this link

Anyhow after searching and seeing many solutions i found this one which is working for every Android for getting UUID works great.

//This method is fully compatible with Android 1 to Android 10
public static String getDeviceUUID(Context context) {
    String serial = null;
    String m_szDevIDShort = "35" +
            Build.BOARD.length() % 10 + Build.BRAND.length() % 10 +
            Build.CPU_ABI.length() % 10 + Build.DEVICE.length() % 10 +
            Build.DISPLAY.length() % 10 + Build.HOST.length() % 10 +
            Build.ID.length() % 10 + Build.MANUFACTURER.length() % 10 +
            Build.MODEL.length() % 10 + Build.PRODUCT.length() % 10 +
            Build.TAGS.length() % 10 + Build.TYPE.length() % 10 +
            Build.USER.length() % 10; //13 Bit
    try {
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O && ActivityCompat.checkSelfPermission(context, Manifest.permission.READ_PHONE_STATE) == PackageManager.PERMISSION_GRANTED) {
            serial = android.os.Build.getSerial();
        } else {
            serial = Build.SERIAL;
        }
        //API>=9 Use serial number
        return new UUID(m_szDevIDShort.hashCode(), serial.hashCode()).toString();
    } catch (Exception exception) {
        //serial Need an initialization
        serial = "serial"; // Random initialization
    }
    // 15-digit number cobbled together using hardware information
    return new UUID(m_szDevIDShort.hashCode(), serial.hashCode()).toString();
}

score 0 · Answer 3 · answered Mar 22 '20 at 02:06

I am using the device Build.SERIAL in order to get the device unique id

String serial ="";
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
    ActivityCompat.requestPermissions(MainActivity.mainContext, new String[]{Manifest.permission.READ_PHONE_STATE}, RequestCode);
    if (ActivityCompat.checkSelfPermission(MainActivity.mainContext, Manifest.permission.READ_PHONE_STATE) != PackageManager.PERMISSION_GRANTED) {
        // Application Needs permission.READ_PHONE_STATE permission
    } else {
        serial = Build.getSerial();
    }
} else {            
        serial = Build.SERIAL;       
}

I'v employed this solution for a published app and everything works perfect either Android 10 or old Androids.

With target SDK set to 29, this will throw `SecurityException`. https://developer.android.com/about/versions/10/privacy/changes#non-resettable-device-ids — Antimonit, Sep 26 '20 at 05:36

score 0 · Answer 4 · answered Mar 22 '20 at 02:58

Quite some time ago I needed to have a persistant unique ID per device and I encountered the same problem. Here are the solutions I found:

IMEI : Worst Solution: Android devices without SIM card such as lots of tablets are excluded and you need to ask for "making calls" permission to get it, which no one would be willing to grant.
Device Serial Number : Good solution, unique value; but deprecated in API level 26 and the new method needs permission in Android 10.
SSID (aka Android_ID) : I think despite the warning this is a good solution. No repetitive record.

Some semi-unique solutions include:

Build.FINGERPRINT : A unique record for the build. No warnings. it limits the devices to a much smaller range.

Build.TIME : the time in millisecond since device ROM was produced.

Hint: Making a mix of hardware properties will not work as they may be similar (a factory manufactures tons of a model) and in order to achieve a unique ID you may need permissions.

Hint 2: Saving records on device memory is a waste of time because it is always possible to change/remove them.

score -3 · Answer 5 · answered Sep 20 '17 at 13:02

-3

You can't really "solve" this warning.

But if you want you can disable the warning by adding @SuppressLint("HardwareIds"), which will takes care of that.

Please note that by this warning Lint is giving opportunity to rethink whether you need to publish or not.

answered Sep 20 '17 at 13:02

Sreerag S Kumar

103
1
4

2

This is duplicate of https://stackoverflow.com/a/46321721/1318946 – Pratik Butani Dec 24 '19 at 10:01

Unique Android Device ID after MarshMallow warning "get device identifiers is not recommended"?

Edited:

5 Answers5