WiFi receivers have a unique ID

The information portal for safe cell phone use

Operating system-independent identifier

Many identifiers are independent of the operating system and relate directly to the hardware used, i.e. the specific smartphone or tablet. These are mainly designed so that users cannot make changes themselves, for example to disguise their identity. However, some identifiers can be modified if users "root" their device and thus receive extended rights, so-called root rights.

Device ID (also Device Serial or Hardware Serial)

As is common with most devices, Android smartphones and tablets also have a serial number - the device ID. It is used to identify the Android device when communicating with a computer connected via USB. This number is usually stored in such a way that it can survive a factory reset. Apps can easily access it as it is not protected by any authorization.

Users can only change the saved device ID with root rights. But you can have them displayed. It can usually be found in the device settings under "About this phone → Status → Serial". It is assigned by the manufacturer of the system software that also contains the operating system.

Starting with Android 8, apps require the authorization "" Get phone status and identity "" in order to access the device ID.

MAC address

It is used to identify the network adapters. The network adapters are the components in the mobile device that establish the WLAN and Bluetooth connections. So there is one MAC address for Bluetooth and one for the WLAN adapter for each device.

The MAC addresses are unique worldwide - and thus allow a clear conclusion to the device. They are permanently stored in the device and cannot be changed by the user. With root rights, however, it is possible to simulate a different MAC address, for example when apps try to read the MAC addresses.

Apps with the "Retrieve network connections", "Bluetooth", "Location (roughly and precisely)" and "Access to all networks" authorization can access the MAC addresses. As of Android 6.0, normal apps are denied the first three authorizations - Upon request, you will only see a standard entry (02: 00: 00: 00: 00: 00), but you can still determine the WLAN MAC address with the "Access to all networks" authorization.

IMEI (for "International Mobile Station Equipment Identity")

It uniquely identifies every cellular device worldwide and is normally permanently stored in the device's hardware. The IMEI is transmitted to the network operator upon contact with the cellular network. Some network operators block devices using the IMEI if they are reported as stolen (in Germany currently only Vodafone).

It is not in itself illegal to change them in Germany, but it could violate the terms of use. If it is done to cover up a crime, it is a criminal offense. It can be accessed by apps that have “Get Phone Status and Identity” permission.

IMSI (for "International Mobile Subscriber Identity")

The IMSI (translated as "international mobile phone subscriber identification") is stored on the SIM card. When it comes into contact with the cellular network, it identifies the phone or SIM card to the cell tower. Changing the IMSI can disrupt contact with the cellular network. It can be accessed by apps that have “Get Phone Status and Identity” permission.

Phone number

It is unique worldwide and cannot be changed at will. It can be accessed by apps with “Get phone status and identity” permission.

IP address

The IP address identifies a device on the Internet (for example a router with a connection to the Internet). IP stands for "Internet Protocol". The IP address usually changes frequently. The rough location (country level and larger cities) can be inferred from the IP address. The Internet provider can usually assign the IP numbers to a real address and a subscriber.

Operating system-specific identifier under Android

Android ID (Also "Android Device ID" or "SSAID" for Settings.Secure)

The Android ID is created by the operating system when it is started up for the first time. In contrast to the "GSF Android ID" (see below), it is available on every Android device and identifies the respective user. Devices that can manage multiple users have an Android ID for each user account.

It is saved in the local file system. Users without root rights can neither change nor display them. However, every app can access it without any further authorizations. You can therefore display them with the help of an app. Resetting to factory settings will erase it. At the next start a new SSAID will be created.

It is usually 16 digits long and consists of numbers and letters from A-F.

From Android 8 (Oreo) there is a separate Android ID for each app / user / device combination. This means that the Android ID is no longer suitable for tracking users across multiple apps.

GSF Android ID

The GSF Android ID is managed by the Google Services Framework (GSF), a background program for Google's own apps. Commercially available Android devices on which Google apps are preinstalled use the GSF.

The GSF Android ID is created when the device is logged into a Google account for the first time. It is saved on the device and can be deleted by performing a factory reset.

It is protected by the “Read Google Service Configuration” authorization - which is requested by numerous apps.

It is usually 16 digits long and consists of numbers and letters from A-F.

Google Advertising ID (also GAAID for Google Advertising ID)

The advertising ID is a unique ID for advertising purposes that is provided by the Google Play services. It can be reset by the user under “Google Settings → Advertising” (from Android 6.0 via Google account). For access, apps only need the authorization "Access to all networks" - which almost all apps request.

Established accounts

A list of the accounts that have been set up can be called up by apps with the “Find accounts on device” permission (this applies to around 20 percent of all Android apps).

Apps with this authorization can also read the email address with which you created your Google account. Google recommends app developers use this email address to identify their users, as it works across devices and usually survives a factory reset.

As of Android 8, this authorization is no longer sufficient. In addition, either the user must explicitly allow an app to see a certain account, or the app has direct access to the account of another app via an interface, for example if both apps come from the same manufacturer.

Installed apps

Every installed app can "see" which programs are still available on a device. No special authorization is required for this. The user cannot prevent this activity.

Since the composition of apps definitely reflects personal preferences, users can also be identified by this, especially in conjunction with other data. The use of certain apps can also allow conclusions to be drawn about preferences or the state of health of the user, for example. If you want to be absolutely sure that such information remains private, you should not install the corresponding apps.

In order to see which app is currently running, you need the authorization "Call up running applications". Banking Trojans use this option to see whether the user is currently opening their banking app and then overlay a fake app window.

Build number

The build number is a six to ten-digit sequence of letters and numbers that the Android operating system precisely specifies. Because even within a version, for example Android 6.1, there are different variants. The build number is much more granular than just the Android version number and is well suited in combination with other hardware identifiers to get a "fingerprint" of the device.

You can view them under "Settings> About this phone". It is freely accessible for all apps and is frequently requested. However, it also changes with every update.

Manufacturer-specific IDs

Depending on the manufacturer, there are other unique identifiers for a mobile device. Large manufacturers such as Motorola or Samsung assign an ID for each device. Error reports are then assigned, for example, which are sent by the device to the manufacturer.

More on the topic at mobilsicherheit.de

#IMEI #Tracking #Advertising
Information has changed or do you have a hint for us on this subject?
Write to us: [email protected]