Settings.Secure.ANDROID_ID is not unique, how to solve?

5
votes

I'm facing now a big issue. As found in Android official reference: http://developer.android.com/reference/android/provider/Settings.Secure.html#ANDROID_ID

public static final String ANDROID_ID

*Added in API level 3

A 64-bit number (as a hex string) that is randomly generated on the device's first boot and should remain constant for the lifetime of the device. (The value may change if a factory reset is performed on the device.) Constant Value: "android_id"*

But with over 500 tablet sold (A10 AllWinner) ANDROID_ID is not really generated randomly and I see (from my web service log) that several devices have the same number!

Why?

How can I solve this issue? How can I generate a unique ID? Assume that the serial code is always the same for all devices (Same serial number on several android devices. Adb is useless. How can I change the serial number?) and MAC address could not be always available.

1
androidsecurity
What are you using this number for that requires uniqueness?CodesInChaos
My application uses C# web services to get updates, send data... So, in web services, I want to identify every single tablet I sold. It's a big problem if two or more tablet have the same identification number!Seraphim's
Also worth noting that Android ID is reset if your user does a reset to factory defaults.Elemental
possible duplicate of Is Secure.ANDROID_ID unique for each device?kellyfj

1 Answers

9
votes

In general this is a serious problem with Android - it seems the Android ID is the best option BUT as you note several significant vendors have made a mess of the implementation.

Confronted by a similar requirement I have used a hash of these values:

  • Phone number/SIM card number (if available or just use zeros)
  • Android ID
  • Mac Address (if available or just use zeros)

In my limited experience (several hundred devices in use) this combination has been good enough to achieve the uniqueness you need.

Update 2017 from Android 6 the Mac address returns a constant value for security reasons - however in almost all newer implementations of android the android ID seems to be reliably unique so unless you are targeting older versions you would have no motive to use this technique.