
Android - How are you dealing with 9774d56d682e549c? Android ID

So, I thought I was being clever and using various hashes and permutations of Android's secure unique ID to identify my users....

But it turns out that 9774d56d682e549c is a magic ID returned by

Secure.getString(getContentResolver(), Secure.ANDROID_ID);

for a good number of devices... It appears every emulator I build has the same ID, and many of other people's phones (lots of moto droids!) and flashed OS mods tend to return this same repeating value. Non-MotoDroid / Non-Flashed handsets seem to all give me a unique string back. But this one is in my DB about 60 times!

I'm going to be optimizing my app to check for that string before registering, but what would be a recommended way of handling it to get another unique value?

My current thought is to check for it, generate an EXTREMELY LARGE random value, hash it, then store that in SharedPreferences and then either use the ANDROID_ID or the one stored in sharedprefs (if the user's phone is giving the value). Anyone have any better ideas, or does this seem solid enough to mitigate this crazy bug?

Eric asked May 24 '11 06:05


4 Answers

Take a look at the Identifying app installations article. You can't rely on ANDROID_ID.

The best solution is to generate a custom id with:

String id = UUID.randomUUID().toString();

vieux answered Sep 30 '22 10:09
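
The check-and-fallback described in the question, combined with the random UUID suggested in this answer, as an added example that is not code from the thread. The class name `InstallId`, the preferences file and key names, and the `a:` / `u:` source prefixes are assumptions made for illustration.

```java
import android.content.Context;
import android.content.SharedPreferences;
import android.provider.Settings;
import java.util.UUID;

/** Added example: per-installation ID with a fallback for the shared ANDROID_ID. */
public final class InstallId {
    // The value the question reports many emulators and handsets returning.
    private static final String SHARED_ANDROID_ID = "9774d56d682e549c";
    private static final String PREFS = "install_id"; // hypothetical prefs file name
    private static final String KEY = "id";           // hypothetical key name

    private InstallId() {}

    /** True when ANDROID_ID is present and is not the known shared value. */
    static boolean isUsable(String androidId) {
        return androidId != null
                && !androidId.isEmpty()
                && !SHARED_ANDROID_ID.equalsIgnoreCase(androidId);
    }

    /** Returns the stored ID, creating and persisting one on first use. */
    public static synchronized String get(Context context) {
        SharedPreferences prefs =
                context.getSharedPreferences(PREFS, Context.MODE_PRIVATE);
        // A stored value always wins, so the ID stays stable across launches
        // even if ANDROID_ID later changes or starts returning the shared value.
        String stored = prefs.getString(KEY, null);
        if (stored != null) {
            return stored;
        }
        String androidId = Settings.Secure.getString(
                context.getContentResolver(), Settings.Secure.ANDROID_ID);
        // Prefix with the source (assumed convention) so a backend can tell
        // device-derived IDs from generated ones and the two never collide.
        String id = isUsable(androidId)
                ? "a:" + androidId
                : "u:" + UUID.randomUUID().toString();
        prefs.edit().putString(KEY, id).apply();
        return id;
    }
}
```

In the fallback case the ID lives only in the app's private preferences, so clearing app data or reinstalling produces a new one.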


If you want to create one with the same format as real ANDROID_IDs, you can use the same method they use here:

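import android.util.Log;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

// TAG is the enclosing class's log tag.
private static String generateAndroidId() {
    String generated = null;
    try {
        final SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
        // Seed with the nanosecond clock plus a long from the default SecureRandom.
        // A long has no getBytes(), so it is converted to a string first.
        random.setSeed(Long.toString(System.nanoTime() + new SecureRandom().nextLong()).getBytes());
        // Format as lowercase hex, the same shape as a real ANDROID_ID.
        generated = Long.toHexString(random.nextLong());
    } catch (NoSuchAlgorithmException e) {
        Log.e(TAG, "Unexpected exception", e);
    }
    return generated;
}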

Outputs: 9e7859438099538e

Grantland Chew answered Sep 30 '22 10:09


Though not ideal, things like the Google AdMob SDK use the permission android.permission.READ_PHONE_STATE to read the device's phone number, etc.

There's some useful, related information in the following blog post: http://strazzere.com/blog/?p=116

Sven Viking answered Sep 30 '22 12:09


This phenomenon and also this Stack Overflow thread were talked about at SummerCon 2012 by Oberheide and Miller, who recently dissected Google's Bouncer: http://jon.oberheide.org/files/summercon12-bouncer.pdf

Maybe you can extract some more useful info for your project.

Jasi answered Sep 30 '22 11:09