Understand Android device unique identifiers and how to use them securely in development

The unique identifier of an Android device is often used in development to identify the device, analyze user behavior, and implement personalized push notifications. For privacy and security reasons, the acquisition and use of some identifiers (such as IMEI and MAC address) may be subject to certain restrictions. During the development process, it is necessary to comply with relevant privacy policies and regulations to ensure the security and compliance of user data.

The unique identifiers of Android devices mainly include the following:

1. "IMEI (International Mobile Equipment Identity)": IMEI is the abbreviation of International Mobile Equipment Identity, which is commonly known as the mobile phone serial number or "serial number" of a mobile phone. It is an "electronic serial number" consisting of 15 digits, which is equivalent to the ID card of a mobile phone and is used to identify each independent mobile phone and other mobile communication devices in the mobile phone network. The IMEI code is uniformly allocated by GSM (Global Association for Mobile Communications) and authorized by BABT (British Accreditation Board).
2. 「MEID」: MEID is another form of mobile device identification code, mainly used for CDMA mobile phones.
3. 「MAC address」: MAC address is the media access control address, also known as the physical address or hardware address, which is used to uniquely identify a network device on the network.
4. 「ANDROID_ID」: ANDROID_ID is a unique ID assigned to the device by the Android system, which is mainly used to identify the device within the application.
5. "UUID (Universally Unique Identifier)": UUID is a software construction standard and is also part of the Open Software Foundation in the field of distributed computing environments. Its purpose is to allow all elements in a distributed system to have unique identification information without the need for a central control terminal to specify the identification information.
6. 「OAID」: OAID (Open Anonymous Device Identifier) ​​is a device identifier launched by the mobile advertising industry in order to comply with user privacy protection policies.

IMEI

IMEI (International Mobile Equipment Identity) is an important device identifier that uniquely identifies each mobile phone. The IMEI code consists of 15 digits and is unique to each mobile phone. The identification code can help operators and manufacturers track the source and status of the device, as well as remotely control it when necessary.

Get IMEI in Android app:

1. 「Add permissions」: Add permission to read phone status in the AndroidManifest.xml file of the application.

 <uses-permission android:name="android.permission.READ_PHONE_STATE" />

2. "Get TelephonyManager": Get a TelephonyManager instance.

 TelephonyManager telephonyManager = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);

3. "Get IMEI": Use the getDeviceId() method of TelephonyManager to get the IMEI of the device.

 String imei = telephonyManager.getDeviceId();

Note:

• 「Privacy Policy」: IMEI is sensitive information of the device. Before obtaining and using IMEI, you must ensure that the application complies with relevant privacy policies and regulations. It is necessary to clearly inform users that IMEI will be collected and used in the privacy policy of the application, and obtain the user's explicit consent.
• 「Permission changes」: Starting from Android 6.0 (API level 23), after the runtime permission model is introduced, you need to request the READ_PHONE_STATE permission at runtime.
• 「Availability」: In some cases, such as simulators or devices without SIM cards, getDeviceId() may return null or a non-standard value. After getting the IMEI, you should check whether it is null or valid.
• 「Compatibility」: For Android 10 (API level 29) and above, due to enhanced privacy protection, non-system applications may not be able to access the IMEI. In this case, you may need to find other ways to identify the device or user.
• 「Google Play Policies」: Make sure your app complies with Google Play's policies, especially when it comes to handling user data. Improper data collection and use may result in your app being removed from Google Play.

MEID

MEID is a form of mobile device identification code, mainly used for CDMA mobile phones or communication tablets. Similar to the "identity card number" of each CDMA device, the network can track and supervise the device through this identification code. In the mobile communication network, MEID is an important basis for identifying mobile devices, which helps to ensure the legitimacy of the device and its normal use in the network. MEID can also be used for equipment tracking, warranty verification and other purposes.

Get MEID in Android app:

1. 「Add permissions」: Add permission to read phone status in the AndroidManifest.xml file.

 <uses-permission android:name="android.permission.READ_PHONE_STATE" />

2. "Get TelephonyManager": Get a TelephonyManager instance.

 TelephonyManager telephonyManager = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);

3. 「Get MEID」: Use the getMeid() method of TelephonyManager to get the MEID of the device.

 //8.0以后,区分IMEI和MEID if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) { Log.d(TAG, "getImei:" + manager.getImei()); Log.d(TAG, "getMeid:" + manager.getMeid()); } else { //8.0之前:不区分IMEI和MEID,在安卓8.0废弃Log.d(TAG, "getDeviceId:" + manager.getDeviceId()); }

MAC Address

MAC address refers to the physical address of a device, also known as the hardware address. MAC address is the unique identifier of a network device on the network. It consists of a string of English and numbers and is globally unique. Every network device, including mobile phones, computers, routers, etc., has a unique MAC address. This address does not change with changes in the network or location, so it can accurately identify a specific device.

On Android devices, you can view the MAC address through a specific path. Generally, you can find the "About phone" or "About device" option in the "Settings" menu, and select the "Status message" or "Network status" submenu to find the "WLAN MAC address" or similar options.

The Android MAC address is a unique identifier for a device on the network. It plays a key role in device communication and network management, but you should also be aware of its potential security risks.

There are multiple ways to get the MAC address on an Android device. Here are two common methods:

Method 1: Obtain through WifiManager

1. Get the WifiManager instance through the getSystemService(Context.WIFI_SERVICE) method.
2. Use the getConnectionInfo() method to obtain the connection information.
3. Call the getMacAddress() method to obtain the MAC address.

Method 2: Obtain through NetworkInterface

1. Get the list of network interfaces on the device by calling the NetworkInterface.getNetworkInterfaces() method, which returns an enumeration type of network interface list.
2. Traverse this interface list and find the Ethernet interface.
3. After finding the Ethernet interface, get the MAC address through the getHardwareAddress() method of the interface.

Starting from Android 6.0 (API level 23), after the introduction of runtime permissions, you need to request permission to access the network status at runtime.

 <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/> <uses-permission android:name="android.permission.LOCAL_MAC_ADDRESS" /> <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />

Android_id

ANDROID_ID is a unique ID provided by the Android system to identify a device. It is a 64-bit hexadecimal string consisting of 16 characters. It is a device-specific identifier that can be used to uniquely identify an Android device.

On Android 8.0 (API level 26) and higher platforms, a 64-bit number (represented as a hexadecimal string) that is unique for each combination of application signing key, user, and device. The value of ANDROID_ID is scoped by signing key and user. This value might change if a factory reset is performed on the device or if the APK signing key changes.

On platform versions lower than Android 8.0 (API level 26), this is a randomly generated 64-bit number (expressed as a hexadecimal string) when a user first sets up their device, and should remain constant for the lifetime of the user's device. On devices with multiple users, each user appears as a completely separate device, so ANDROID_ID values ​​are unique to each user.

The generation of ANDROID_ID is based on the device's hardware information and the version number of the operating system. It is fixed on the same device, but different on different devices. ANDROID_ID is generated when the device is first started. It is stored in the secure table in the device's /data/data/com.android.providers.settings/databases/settings.db database. When the device is first started, the system checks whether there is an entry named android_id in the secure table. If it does not exist, a unique ANDROID_ID is generated and inserted into the secure table. If the device is restored to factory settings, a new ANDROID_ID is regenerated.

Although ANDROID_ID is unique, it is not 100% reliable because it can be modified or tampered with by certain applications. If you reset the device, ANDROID_ID will also be reset. If you flash the device or change the ROM, ANDROID_ID will also be reset.

 //在Android 8.0（API 级别26）及更高版本中，SSAID(AndroidID) 提供了一个在由同一开发者签名密钥签名的应用之间通用的标识符。 //当设备恢复出厂设置,或者Root过的话,OTA升级系统，值会被改变public static void getAndroidId(Context context){ String androidId = Settings.Secure.getString(context.getApplicationContext().getContentResolver(),Settings.Secure.ANDROID_ID); Log.d(TAG, "androidId:" + androidId); }

UUID

UUID (Universally Unique Identifier) ​​is a software construction standard and is also part of the Open Software Foundation (OSF) organization in the Distributed Computing Environment (DCE) field. UUID is a 128-bit string, usually represented by 32 hexadecimal digits, divided into five segments in the format of 8-4-4-4-12 36 characters, for example: 550e8400-e29b-41d4-a716-446655440000.

The main purpose of UUID is to provide uniqueness, reduce the possibility of conflicts, and not rely on a central registration authority to assign identifiers. Because the UUID generation algorithm uses some random elements (such as the current timestamp and machine identifier), it can generate identifiers that are almost non-repeating in different systems and applications.

 //在大多数非广告用例中，可用于跟踪已注销用户的偏好设置,这是建议的解决方案public static void getUUID(){ String uniqueID = UUID.randomUUID().toString(); Log.d(TAG, "UUID:" + uniqueID); }

OAID

OAID (Open Anonymous Device Identifier) ​​is a device identifier launched by the mobile advertising industry to comply with user privacy protection policies. Its main purpose is to provide advertisers and developers with a way to replace traditional device identifiers such as IMEI and Android ID while protecting user privacy, so as to facilitate operations such as ad tracking, effect measurement and personalized push.

OAID has the following characteristics:

1. "Anonymity": OAID is anonymous and will not be directly linked to the user's personal information, thus protecting the user's privacy.
2. "Resettability": Users can choose to reset OAID in the device's settings, and advertisers and developers will no longer be able to track the device.
3. 「Compliance」: Since OAID complies with the user privacy protection policy, using OAID for advertising tracking and data analysis is more in line with regulatory requirements.

On Android devices, OAID is usually provided by advertising service providers or device manufacturers. Developers need to integrate the corresponding SDK (Software Development Kit) to obtain OAID. Developers can use it for purposes such as ad tracking and push notifications.

For specific usage, please refer to the instruction manuals of each manufacturer:

小米OAID: https://dev.mi.com/distribute/doc/details?pId=1634 OPPO OAID: https://open.oppomobile.com/new/developmentDoc/info?id=12344华为OAID: https://developer.huawei.com/consumer/cn/doc/HMSCore-Guides/oaid-0000001050783198

Considering privacy and security issues, if the application does not need IMEI and MEID for key functions, it is best to avoid collecting and using them. You can consider using other methods to identify devices or users, such as using ANDROID_ID, OAID, or generating a UUID to identify the device in the application.