Mobile devices expose unique identifiers that can be used to recognise the same user across applications or devices. Such identifiers put user privacy at
risk: they allow user activity to be tracked without consent, and when they are derived from the hardware they are difficult or impossible for users to reset.
Privacy violations can get an app removed from app stores and can result in legal action or loss of user trust.
Ask Yourself Whether
- The identifier is used to track users between applications or devices.
- The identifier cannot be easily reset by the user.
- The identifier is connected to personally identifiable information.
- The identifier is linked to the device hardware (MAC address, IMEI, etc).
There is a risk if you answer yes to any of these questions.
Recommended Secure Coding Practices
- Whenever possible, use identifiers that users can easily reset.
- Don’t link identifiers to personally identifiable information without collecting users' explicit consent.
- Avoid using identifiers that are linked to the device hardware (MAC address, IMEI, etc).
- Only use the Advertising ID for user profiling or ads use cases.
For ads use cases, use the Advertising ID provided by the platform. This identifier is designed to be reset by the user and comes with an
associated flag (the "limit ad tracking" / opt-out of personalized ads setting) that the application must check and honor before using the identifier for profiling.
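The following helper is an added example, not code from the rule page: it reads the Android Advertising ID through the Google Play services client and refuses to hand it out when the user has opted out of personalized ads. It assumes Play services on the classpath, the `com.google.android.gms.permission.AD_ID` manifest permission required on Android 13 and later, and a caller running off the main thread, because `getAdvertisingIdInfo` blocks.

```java
import android.content.Context;
import com.google.android.gms.ads.identifier.AdvertisingIdClient;
import com.google.android.gms.common.GooglePlayServicesNotAvailableException;
import com.google.android.gms.common.GooglePlayServicesRepairableException;
import java.io.IOException;

/**
 * Added example (not part of the rule): Advertising ID access that honors
 * the user's opt-out flag. The returned value is for ads/profiling only and
 * must never be used as a general user or installation key.
 */
public final class AdsIdentifier {
    private AdsIdentifier() {}

    /**
     * Returns the Advertising ID, or null when no identifier may be used for
     * personalized ads. Blocking call: invoke from a background thread.
     */
    public static String getForPersonalizedAds(Context context) {
        try {
            AdvertisingIdClient.Info info =
                    AdvertisingIdClient.getAdvertisingIdInfo(context.getApplicationContext());
            // User opted out of personalized ads: treat as "no identifier".
            if (info.isLimitAdTrackingEnabled()) {
                return null;
            }
            return info.getId();
        } catch (IOException
                 | GooglePlayServicesNotAvailableException
                 | GooglePlayServicesRepairableException e) {
            // Play services unavailable or failed: fall back to non-personalized ads.
            return null;
        }
    }
}
```

Callers should treat a null result as "serve non-personalized ads", not as an error to retry, and should re-read the value at each use rather than caching it, since the user can reset or delete the ID at any time.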
For non-ads use cases, the most privacy-friendly identifiers that can be used are:
- Firebase installation ID (FID)
- A privately stored GUID generated by the app
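As an added example of the second option (not code from the rule page), the helper below generates a random UUID on first use, keeps it only in the app's private SharedPreferences so other apps cannot read it, and offers a reset that a settings screen can expose. The preference file and key names are illustrative assumptions.

```java
import android.content.Context;
import android.content.SharedPreferences;
import java.util.UUID;

/**
 * Added example (not part of the rule): an installation-scoped identifier
 * that is generated by the app, stored in app-private preferences, never
 * derived from device hardware, and resettable by the user.
 */
public final class InstallationId {
    // Assumed names; any app-private preference file and key will do.
    private static final String PREFS = "installation_id_prefs";
    private static final String KEY = "installation_id";

    private InstallationId() {}

    /** Returns the stored identifier, creating and persisting it on first call. */
    public static synchronized String get(Context context) {
        SharedPreferences prefs = context.getApplicationContext()
                .getSharedPreferences(PREFS, Context.MODE_PRIVATE);
        String id = prefs.getString(KEY, null);
        if (id == null) {
            id = UUID.randomUUID().toString();
            prefs.edit().putString(KEY, id).apply();
        }
        return id;
    }

    /** Discards the current identifier; the next get() issues a fresh one. */
    public static synchronized void reset(Context context) {
        context.getApplicationContext()
                .getSharedPreferences(PREFS, Context.MODE_PRIVATE)
                .edit().remove(KEY).apply();
    }
}
```

One caveat: Android Auto Backup restores SharedPreferences to a new device by default, which would carry the identifier across devices. If the identifier is meant to be device-scoped, exclude the preference file through the app's backup rules.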
Sensitive Code Example
import android.provider.Settings;

// ANDROID_ID is tied to the device and cannot be reset by the user;
// `contentResolver` is the ContentResolver of the current context.
String uid = Settings.Secure.getString(contentResolver, Settings.Secure.ANDROID_ID); // Sensitive
User user = new User(
uid,
"John",
"Doe"
);
Compliant Solution
import java.util.UUID;

// A random UUID generated by the app: not linked to hardware and easy to reset.
// Generate it once, persist it in app-private storage, and regenerate it on reset.
String uid = UUID.randomUUID().toString();
User user = new User(
uid,
"John",
"Doe"
);
See