We have not found documentation on the logic with which the Android ID is generated for an app / device.
Starting from Android 10 the IMEI is no longer usable. We need to uniquely identify the devices on which our app is installed. We don't care that the ID changes over time, we care that the ID is unique and is not repeated on other devices.
What is the probability that the same app installed on two different devices will have the same Android ID? In a context with a few thousand devices, is it reasonably impossible for this to happen?
Thanks in advance
EDIT: with "Android ID" I refer to the ID that Android assigns to each installed app. The ID can be obtained with the following code:
Android.Provider.Settings.Secure.GetString(cnt.ContentResolver, Android.Provider.Settings.Secure.AndroidId);
1: Where does it state that the Settings.Secure.ANDROID_ID is a 64-bit number.
https://developer.android.com/reference/android/provider/Settings.Secure#ANDROID_ID
On Android 8.0 (API level 26) and higher versions of the platform, a 64-bit number (expressed as a hexadecimal string), unique to each combination of app-signing key, user, and device.
2: How is that 64-bit number generated.
From Secure Android ID length? which includes a link to the Android Open Source Project code
String androidId = Long.toHexString(new SecureRandom().nextLong());
For reference Java Long size is 8 bytes or 64 bits. That means 2^64 or approximately 1.84E+19 values available. What is stored for a particular app isn't a created value from the device id, user id and application signing key but a SecureRandom generated Java Long number.
3: So Android stores this SecureRandom value for each app / user / device (factory reset). And if any of those change a new value is generated?
Basically yes. From: Where is the "android_id" stored and when does it change?
As stated in the Android Developer Blog for O it had to behave/remain consistent for device upgrades.