Android - How are you dealing with 9774d56d682e549c ? Android ID

Question

So, I thought I was being clever and using various hashes and permutations of Android's secure unique ID to identify my users....

But it turns out that 9774d56d682e549c is a magic ID returned by

Secure.getString(getContentResolver(), Secure.ANDROID_ID);

for a good number of devices... It appears every emulator I build has the same ID, and many of other peoples phones (lots of moto droids!) and flashed OS mods tend to return this same repeating value. Non-MotoDroid / Non-Flashed handsets seem to all give me a unique string back. But this one is in my DB about 60 times!

I'm going to be optimizing my app to check for that string before registering, but what would be a recommended way of handling it to get another unique value?

My current thought is to check for it, generate an EXTREMELY LARGE random value, hash it, then store than in SharedPreferences and then either use the ANDROID_ID or the one stored in sharedprefs (if the users phone is giving the value). Anyone have any better ideas, or does this seem solid enough to mitigate this crazy bug?

Also see http://stackoverflow.com/q/4799394/60462 for additional info. — Volker Stolz, Jul 09 '12 at 13:18

score 8 · Accepted Answer · edited Jul 09 '12 at 13:16

8

Take a look at the Identifying app installations article. You can't rely on ANDROID_ID.

The best solution is to generate a custom id with:

String id = UUID.randomUUID().toString();

edited Jul 09 '12 at 13:16

Volker Stolz

7,274
1
32
50

answered May 24 '11 at 07:32

vieux

23,887
3
26
26

Thanks for the link. I modified the code a bit to fit implementation, and it works great. Silly android bugs! – Eric May 24 '11 at 14:54

score 2 · Answer 2 · answered Aug 29 '12 at 22:41

If you want to create one with the same format as real ANDROID_IDs, you can use the same method they use here:

private static String generateAndroidId() {
    String generated = null;
    try {
        final SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
        random.setSeed( (System.nanoTime() + new SecureRandom().nextLong()).getBytes() );
        generated = Long.toHexString(random.nextLong());
    } catch (NoSuchAlgorithmException e) {
        Log.e(TAG, "Unexpected exception", e);
    }
    return generated;
}

Outputs: 9e7859438099538e

score 1 · Answer 3 · answered Jun 22 '12 at 09:02

This phenomenon and also this Stackoverflow thread were talked about at the summercon 2012 by Oberheide and Miller, who recently dissected Google's Bouncer: http://jon.oberheide.org/files/summercon12-bouncer.pdf

Maybe you can extract some more useful info for your project.

score 1 · Answer 4 · answered May 24 '11 at 07:51

1

Though not ideal, things like the Google AdMob SDK use the permission android.permission.READ_PHONE_STATE to read the device's phone number, etc.

There's some useful, related information in the following blog post: http://strazzere.com/blog/?p=116

answered May 24 '11 at 07:51

Sven Viking

2,660
21
34

Android - How are you dealing with 9774d56d682e549c ? Android ID

4 Answers4