I need a way to uniquely identify android and iOS device even after my application is uninstalled and installed again. Both ANDROID_ID and UUID do not do the job. Maybe there are some libraries dedicated to this task?
问题:
回答1:
Regarding iOS side, as described in this thread:
Eskimo1s' answer:
"iOS puts serious restrictions on unique persistent identifiers because of privacy concerns. There are several WWDC sessions that discuss this and I strongly encourage you to watch them:
- WWDC 2012 Session 710 Privacy Support in iOS and OS X
- WWDC 2013 Session 714 Protecting Your Users’ Privacy
- WWDC 2014 Session 715 User Privacy in iOS and OS X
- WWDC 2015 Session 703 Privacy and Your App
- WWDC 2016 Session 709 Engineering Privacy for Your Users
Given the above there’s no single value that uniquely identifies an iOS device, now and forever, across unrelated apps. Rather, there’s a suite of options available to you, and which one you use depends on your requirements."
Here is another thread for iOS, where Eskimo1 describes what you can do:
- Use MDM to get the UDID and IMEI of the device
- Create a record in your device database with that information
- Generate a random unique ID and add that to your device database
- Use managed app preferences to push that unique ID to your app
- Your app can then add that unique ID to requests and you can look up the info you need based on that
In the application I was working on some time ago, we used the third option.
As for Android side: As described in 'Best practices for unique identifiers':
"1: Avoid using hardware identifiers. Hardware identifiers such as SSAID (Android ID) and IMEI can be avoided in most use-cases without limiting required functionality.
2: Only use Advertising ID for user profiling or ads use-cases. When using an Advertising ID, always respect the Limit Ad Tracking flag, ensure the identifier cannot be connected to personally identifiable information (PII) and avoid bridging Advertising ID resets.
3: Use an Instance ID or a privately stored GUID whenever possible for all other use-cases except payment fraud prevention and telephony. For the vast majority of non-ads use-cases, an instance ID or GUID should be sufficient.
4: Use APIs that are appropriate to your use-case to minimize privacy risk. Use the DRM API API for high value content protection and the SafetyNet API for abuse prevention. The Safetynet API is the easiest way to determine whether a device is genuine without incurring privacy risk."
Also, I suggest you to read this article to which describes all the methods for Android.