androidandroid-identifiers

Two different ANDROID IDs - settings_secure.aml & settings_ssaid.xml


i'm new to Adroid apps ecosystem. I built a simple app and notice there are two different ANDROID IDs (i'm runnig app in emulator)

  1. one stored in /data/system/users/0/settings_secure.xml file:
<setting id="25" name="android_id" value="9f43e4f495a6730" package="android" defaultValue="9f43e4f495a6730" defaultSysSet="true" />
  1. other stored under /data/system/users/0/settings_ssaid.xml
<setting id="4" name="10153" value="35ea805581c66911" package="com.example.app_v1.demo.debug" defaultValue="35ea805581c66911" defaultSysSet="false" tag="null" />
<setting id="5" name="10154" value="35ea805581c66911" package="com.example.app_v2.full.debug" defaultValue="35ea805581c66911" defaultSysSet="false" tag="null" />

Can someone share the

  1. purpose of having two different IDs? which one to use in which usecase? it's a bit confusing both are called ANDROID IDs despite stored at different locations (Is my understanding correct #1 is perhaps used by system / Andorid apps and #2 is to be used used by user, 3rd party app)
  2. also i find it odd that both my app_v1 and app_v2output same ANDROID ID (35ea805581c66911). Is my understanding correct it's because post Android-O, this ANDROID ID is scoped by signing key and user as per https://developer.android.com/reference/android/provider/Settings.Secure#ANDROID_ID ?

Thanks for clarification in advance


Solution

  • purpose of having two different IDs? which one to use in which usecase? it's a bit confusing both are called ANDROID IDs despite stored at different locations (Is my understanding correct #1 is perhaps used by system / Andorid apps and #2 is to be used used by user, 3rd party app)

    From the documentation you linked, and the description in SettingsProvider.java I think your understanding is correct, the value in settings_secure.xml is there for the Android OS itself to access, while the "SSAID" is for 3rd party apps to access.

    If you are an app developer, you don't have a choice of which one to use, since you only have access to the "SSAID" version.

    If your question is why it is necessary to assign different Android IDs per signing key, my guess is that is to prevent 3rd party libraries from tracking the user across applications. (Think something like Admob SDK)

    also i find it odd that both my app_v1 and app_v2output same ANDROID ID (35ea805581c66911). Is my understanding correct it's because post Android-O, this ANDROID ID is scoped by signing key and user as per https://developer.android.com/reference/android/provider/Settings.Secure#ANDROID_ID ?

    My guess is because your app_v1 and app_v2 are signed with the same signing key, and therefore the Android ID they see is the same.