TIL ANDROID_ID and who comes up with this malicious shit? Does GrapheneOS do anything reasonable to fix it?
On Android 8+, it's based on a secret generated for each profile and made into an app-specific value based on the app signing key. Apps can implement their own ANDROID_ID via the app-specific external storage directory unless scoped storage is being used, which clears that on uninstall.
The malicious part is that it persists across uninstall. Couldn't the app-specific value just be randomly generated on install rather than derived, with no way for the app to tell you faked it that way?
It's a bit more complicated than that due to apps with the same signature being able to act as a multi-part app. So for example, if you install ExampleKeyboard and ExampleKeyboardTheme signed with the same signature, those have the same ANDROID_ID. We probably don't want to break this.
We cover these things in grapheneos.org/faq#hardware-i and grapheneos.org/faq#non-hardwa.
We've planned to change how it works for a while so that it's instead a per-app id tied to the app install and will be different on reinstall. Not much benefit with low scoped storage adoption though.
How would storage persist across uninstall? If it's in shared storage at least it's visible and subject to manual deletion, no?

