how can I get a unique device ID in javascript?

Question

I'm working on my bachelors project at University and I'm doing an app where I need a unique device ID. I'm working with javascript and the application (which is accessible when downloading the application or when entering the web page) would run on the following execution platforms:

• mobile and tablets: Android, iOS, Windows Phone, Firefox OS, Tizen

• Smart TV: Android, Tizen OS, Web OS

• browsers: Windows, Mac, Linux

My question is: is it possible to obtain an identifier of the physical device, such as the MAC address, but that never changes (since the MAC can be changed by the user at any time) for all or, at least, for some of the execution platforms mentioned above?

Answer 1

It is not technically possible to obtain an ID unique to the device, from a browser.

However there is a way to work around this. You can use JavaScript to generate a long ID, which is statistically guaranteed to be unique, such as a GUID (a 128 bit integer). This value can then be stored in the browsers localStorage (or in a cookie), again using JavaScript.

The next time the users opens this page, you can check if a unique ID is found in the browsers localStorage. If found, you known which device this is.

You can also use other information to help indentify the device, such as the IP address, the device's screen size, and other settings which can be read through JavaScript.

Non of these solutions are guaranteed to work. For example if a browser is in private mode, the data in the localStorage will not persist.

Answer 2

If installed as an app on a mobile device or smart TV, you'll probably have a enough access to get a hold of something unique. I wouldn't necessarily go for a Mac address, but different devices will have different unique identifiers you can grab (even just a phone number would be a pretty good bet for a mobile phone).

Browsers, which are the most restricted environment you listed, are a different story.

Short answer, no.

Longer answer, no, but kinda.

There is no way to get any kind of identifier that is truly unique and unchangeable from the client. This means no MAC address, serial number, IMSI, or any of those other things.

You'd have to turn to an approach which advertisers frequently use to track you across the web.

Basically, you scoop up all the information you can access about a user. These things may include user agent string, IP address, OS, and the like. Basically, things that are sent in an HTTP request and/or via JavaScript client-side. By combining these values together, you can create something that's going to be reasonably unique fingerprint, though not guaranteed and will greatly vary by physical environment that users access it by.

For example, if I'm using my computer at home, and I'm all alone, and I have a fixed IP address, then getting my IP address alone will probably point to just me. If I'm in a college library or an office environment though, and pretty much every other computer all uses the same external IP (quite common a lot of times), and all of them are roughly the same amount of up-to-date, then a lot of people will show up all as the same user even if you mix a bunch of different data points together.

Depending on your use-case, it may be "good enough" (which is generally what advertisers go with), but if it you are using it for any kind of auto-access to security, don't do it. It's never going to be anywhere near secure enough for that. If you want to do something like that, at the very least mix it with a cookie and/or session specific values to reduce the risks.