Should I worry about apps collecting Device ID (Android)?
from petri@sh.itjust.works to privacy@lemmy.ml on 26 May 21:57
https://sh.itjust.works/post/38793729

If I should, are there ways I could install such apps with a spoofed Device ID or something like that?

#privacy

threaded - newest

rob299@lemmy.blahaj.zone on 26 May 22:08 next collapse

I mean, in what context. Are you trying to to make sure they don’t know its you using their apps or services? Or just in general wondering if you should hide your device id. If you aren’t hiding anything illegal, while using a VPN device I.d wouldn’t really help them much. If you are using modified apps to access services. In a case like this, for instance with Disney+ or Netflix, apps could figure your device id and then the second you mess up and are connected to their apps and your VPN is off then they can then connect the real IP address with that device id.

Overall For privacy protection you should 100% spoof your device id. However if you aren’t doing anything illegal particularly modding official apps, or using such modifications. You might not need to spoof the device id, and a VPN alone might still be enough anyways as long that it is a trusted VPN, don’t just use any make sure you know that you can trust the VPN host provider.

petri@sh.itjust.works on 26 May 22:45 next collapse

I don’t know if my Device ID with my real location would end up in the hands of a Data Broker(s) that would start profiling other data linked to my location to then sell it to other Data Broker(s), that’s my only worry

rob299@lemmy.blahaj.zone on 26 May 23:01 collapse

So device id is one piece of the puzzle, among other ways of getting your location and address.

However with that in mind here is why I would particularly try to hide the device id.

It never changes, your IP address can change based off of the network you are on which is particularly good for cellular connection. However using a VPN is still better.

To my knowledge they couldn’t just get your location form device id itself, however device id and IP address are part of the collection they are aiming to grab. As I said, if you forget to check if your VPN is on, then they can collect your IP address/location separately from your device id.

Do cover up anything and everything you can. Not because it gives additional info, but every new thing is just another piece of the equation.

petri@sh.itjust.works on 26 May 23:05 collapse

Can I force it to change or spoof it? VPN may sometimes break connection out of nowhere, I hardly have this experience on PC but on mobile it just seems to occur a lot more often

rob299@lemmy.blahaj.zone on 26 May 23:13 collapse

One final detail, when you say device id. Do you mean (for Android) ssaid, IMEI or advertising I.d or Mac address?

petri@sh.itjust.works on 26 May 23:18 collapse

Huh, I thought IMEI was something only useful to government and insurance and not possible for apps to read? I wasn’t worried about it if that’s the case, it’s on Android yes so probably SSAID (not sure about the Advertising ID, also can or is it common for apps to read MAC Address of devices to tie it to people?)

rob299@lemmy.blahaj.zone on 26 May 23:20 collapse

No i’m saying what specifically do you mean by device id. because I need to know so I can tell you if or how you can spoof it.

rob299@lemmy.blahaj.zone on 26 May 23:22 next collapse

USAID is pretty straight forward to spoof, you can either do it with adb using a PC, or by factory resetting the phone. (which is probably a last resort for you not sure.) edit: or you can create a virtual environment, or root and use Xposed/Magisk modules.

petri@sh.itjust.works on 26 May 23:36 collapse

thanks!

bad_news@lemmy.billiam.net on 27 May 02:22 collapse

Remember if you use play services, Google has your IMEI, though.

petri@sh.itjust.works on 26 May 23:23 collapse

<img alt="" src="https://sh.itjust.works/pictrs/image/3c9e6438-3f3b-483a-a757-421faa63b7af.png">

rob299@lemmy.blahaj.zone on 26 May 23:29 collapse

These seem to be the 4 options particularly for ssaid. See my last comment. you should also be able to reset the advertising I.d which you can easily do right on your android phone’s settings without root.

sunzu2@thebrainbin.org on 27 May 00:51 collapse

aren't doing anything illegal particularly modding official apps, or using such modifications.

how is "modding" an app illegal?

Ulrich@feddit.org on 27 May 00:46 next collapse

Yes. Anything with “ID” in the name should give you pause, especially when its designated to you by the largest surveillance company on the planet.

You can simply delete it.

Settings --> Privacy --> Ads --> Delete advertising ID.

sunzu2@thebrainbin.org on 27 May 00:49 collapse

why do you assume that advertising ID=Device ID

I would assume they are collecting IMEI when they say device

kipo@lemm.ee on 02 Jun 17:12 collapse

I would imagine the risk depends on the app, your use case of the phone and the app, and if you’re a high-profile target.

That said, Android phones have an Android ID, an Advertising ID, a sim ID, wifi ID, bluetooth ID, MAC address, IMEIs, and more.

There is an Xposed module called Android Faker that claims to spoof these IDs. It requires root and something that can manage xposed modules, such as LSPosed. I only use it for a few super sketchy apps that I need and don’t trust.