Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ANDROID_ID still available with Android 10

According to Google, the ANDROID_ID (also known as SSAID) should not be accessible on Android 10 systems, without some preconditions (see: https://developer.android.com/about/versions/10/privacy/changes)

• If your app targets Android 10 or higher, a SecurityException occurs.

• If your app targets Android 9 (API level 28) or lower, the method
  returns null or placeholder data if the app has the READ_PHONE_STATE
  permission. Otherwise, a SecurityException occurs.

My problem here is, that I am still able to access the ANDROID_ID without any of above mentioned preconditions.

I created a Kotlin project with target platform Android 10 API level 29.

In this project I ran this code:

import androidx.appcompat.app.AppCompatActivity
import android.os.Bundle
import android.provider.Settings
import android.util.Log


class MainActivity : AppCompatActivity() {

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_main)
        Log.i("ANDROID ID", "##### READ Android ID ######")

        try {
            val my_android_id = Settings.Secure.getString(this.contentResolver, Settings.Secure.ANDROID_ID)
            Log.i("ANDROID ID", my_android_id)

        }
        catch (e: SecurityException){
            Log.i("ANDROID ID", "Secure Exception!")
        }

    }
}

The result is, that the ANDROID_ID gets written to the logcat without any problem. The value is no dummy value but the actual ANDROID_ID. This has been tested on a simulator and on a real device (Pixel 2).

like image 998
Sebastian Dine Avatar asked Oct 02 '19 11:10

Sebastian Dine


People also ask

Is Secure Android_id unique?

Yes, Secure. ANDROID_ID is unique for each device.

Is device ID unique Android?

The android Device ID is a unique code, string combinations of alphabets and numbers, given to every manufactured android device. This code is used to identify and track each android device present in the world.

How do I find my device ID Android 10?

Method 1: Find Android device ID using dial pad code Open your phone's dial pad, usually named “Phone” in the apps drawer. 2. Here dial this code *#*#8255#*#*.

What is Ssaid in Android?

The SSAID or android_id is a persistent hardware identifier that is “common between apps signed by the same developer signing key.” Branch utilizes this for many use cases such as Fraud and to provide the best user experience across different apps.


1 Answers

Maybe too late but according to this article in android O android developer's blog

  • The ANDROID_ID value won't change on package uninstall/reinstall, as long as the package name and signing key are the same. Apps can rely on this value to maintain state across reinstalls.
  • If an app was installed on a device running an earlier version of Android, the Android ID remains the same when the device is updated to Android O, unless the app is uninstalled and reinstalled.
  • The Android ID value only changes if the device is factory reset or if the signing key rotates between uninstall and reinstall events.
  • This change is only required for device manufacturers shipping with Google Play services and Advertising ID. Other device manufacturers may provide an alternative resettable ID or continue to provide ANDROID ID.
like image 163
Poorya Avatar answered Sep 28 '22 08:09

Poorya