Unique (device based) salt in Android

Question

I'm implementing the Google's licensing system and for the obfuscator I need to generate a unique id. The documentation says

/**
 * @param salt an array of random bytes to use for each (un)obfuscation
 * @param applicationId application identifier, e.g. the package name
 * @param deviceId device identifier. Use as many sources as possible to
 *    create this unique identifier.
 */
public AESObfuscator(byte[] salt, String applicationId, String deviceId) {

In addition to the packagename and the device id obtained with

private String android_id = Secure.getString(getContext().getContentResolver(),
                                                    Secure.ANDROID_ID);

what other sources can I use?

Thanks

score 2 · Accepted Answer · edited May 23 '17 at 10:25

Secure.ANDROID_ID is known to be null sometimes and can be changed on rooted phones I believe, so you should consider checking some other options such as TelephonyManager.getDeviceId()

A nice snippet I found on this question does the following to generate a Unique id:

final TelephonyManager tm = (TelephonyManager) getBaseContext().getSystemService(Context.TELEPHONY_SERVICE);
final String tmDevice, tmSerial, androidId;

tmDevice = "" + tm.getDeviceId();
tmSerial = "" + tm.getSimSerialNumber();
androidId = "" + android.provider.Settings.Secure.getString(getContentResolver(), android.provider.Settings.Secure.ANDROID_ID);

UUID deviceUuid = new UUID(androidId.hashCode(), ((long)tmDevice.hashCode() << 32) | tmSerial.hashCode());
String deviceId = deviceUuid.toString();

Unique (device based) salt in Android

1 Answers1