So, I thought I was being clever and using various hashes and permutations of Android's secure unique ID to identify my users....
But it turns out that 9774d56d682e549c is a magic ID returned by Secure.getString(getContentResolver(), Secure.ANDROID_ID); for a good number of devices... It appears every emulator I build has the same ID, and many other people's phones (lots of Moto Droids!) and flashed OS mods tend to return this same repeating value. Non-MotoDroid / non-flashed handsets seem to all give me a unique string back. But this one is in my DB about 60 times!
I'm going to be optimizing my app to check for that string before registering, but what would be a recommended way of handling it to get another unique value?
My current thought is to check for it, generate an EXTREMELY LARGE random value, hash it, then store that in SharedPreferences and then either use the ANDROID_ID or the one stored in SharedPreferences (if the user's phone is giving the value). Anyone have any better ideas, or does this seem solid enough to mitigate this crazy bug?
Take a look at the Identifying app installations article. You can't rely on ANDROID_ID.
The best solution is to generate a custom id with:
String id = UUID.randomUUID().toString();
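If you want to create one with the same format as real ANDROID_IDs, you can use the same method they use here:

    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;
    import android.util.Log;

    // TAG is the log tag of the enclosing class.
    private static String generateAndroidId() {
        String generated = null;
        try {
            final SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
            // Seed with the current time mixed with a value from the default SecureRandom.
            random.setSeed(System.nanoTime() + new SecureRandom().nextLong());
            // 64 random bits rendered as lowercase hex, the same shape as ANDROID_ID.
            generated = Long.toHexString(random.nextLong());
        } catch (NoSuchAlgorithmException e) {
            Log.e(TAG, "Unexpected exception", e);
        }
        return generated;
    }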
Outputs: 9e7859438099538e
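The fallback discussed in the question and the answer above, as an added example that is not part of the original posts: check ANDROID_ID against the shared value 9774d56d682e549c, fall back to a random UUID, and persist whichever value was chosen. The class name, preference file name and key are hypothetical.

```java
import android.content.Context;
import android.content.SharedPreferences;
import android.provider.Settings;

import java.util.UUID;

/** Added example: installation ID that does not trust ANDROID_ID blindly. */
public final class InstallId {
    // Value the question reports as shared by emulators and many handsets.
    private static final String KNOWN_DUPLICATE_ANDROID_ID = "9774d56d682e549c";
    // Hypothetical preference file and key names.
    private static final String PREFS = "install_id_prefs";
    private static final String KEY = "install_id";

    private InstallId() {}

    /** True when ANDROID_ID is missing, empty, or the known shared value. */
    static boolean isUnusable(String androidId) {
        return androidId == null
                || androidId.isEmpty()
                || KNOWN_DUPLICATE_ANDROID_ID.equalsIgnoreCase(androidId);
    }

    /** Returns the stored ID, choosing and saving one on first call. */
    public static synchronized String get(Context context) {
        Context app = context.getApplicationContext();
        SharedPreferences prefs = app.getSharedPreferences(PREFS, Context.MODE_PRIVATE);

        // Reuse the saved value so the ID stays stable across launches,
        // even if ANDROID_ID later changes or starts returning the shared value.
        String id = prefs.getString(KEY, null);
        if (id != null) {
            return id;
        }

        String androidId = Settings.Secure.getString(
                app.getContentResolver(), Settings.Secure.ANDROID_ID);

        // A type 4 UUID carries 122 random bits from SecureRandom.
        id = isUnusable(androidId) ? UUID.randomUUID().toString() : androidId;

        // commit() writes synchronously, so the ID is on disk before it is
        // reported to a server; apply() would return before the write finishes.
        prefs.edit().putString(KEY, id).commit();
        return id;
    }
}
```

The stored value is removed when the app's data is cleared or the app is reinstalled, so it identifies an installation rather than a device.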
Though not ideal, things like the Google AdMob SDK use the permission android.permission.READ_PHONE_STATE to read the device's phone number, etc.
There's some useful, related information in the following blog post: http://strazzere.com/blog/?p=116
This phenomenon and also this Stack Overflow thread were talked about at SummerCon 2012 by Oberheide and Miller, who recently dissected Google's Bouncer: http://jon.oberheide.org/files/summercon12-bouncer.pdf
Maybe you can extract some more useful info for your project.