Starting with the Android 10 specification, apps can no longer extract the phone's
- IMEI or Serial Number, SIM Card Serial Number, Subscriber ID, MAC Address or other
- non-resettable unique device identifiers, even if granted access to
- READ_PHONE_STATE. Apps must have the
- READ_PRIVILEGED_PHONE_STATE new to Android 10 in order to get access to
- any of these non-resettable, persistent device identifiers. Apps using the Android 10
- API will recieve a SecurityException error, and any older apps simply get
- an empty value if the READ_PHONE_STATE permission has been granted to them,
- or a SecurityException error if they don't. MAC Addresses are randomized
- per WiFi network on GrapheneOS. Apps, even if granted full network access, cannot read
- nor change the MAC Address.
As of Android 10, apps cannot obtain permission to access non-resettable hardware
+ identifiers such as the serial number, MAC addresses, IMEIs/MEIDs, SIM card serial
+ numbers and subscriber IDs. Only privileged apps included in the base system with
+ READ_PRIVILEGED_PHONE_STATE whitelisted can access these hardware
+ identifiers. Apps targeting Android 10 will receive a SecurityException
+ and older apps will receive an empty value for compatibility.
GrapheneOS does not utilize Advertising IDs, even though the Advertising ID - normally seen on Android and iOS devices is resettable.
- -ANDROID_ID is persistent between application installs but is resettable.
- Pull requests are welcomed in this area.
GrapheneOS only makes a small change to remove a legacy form of access to the + serial number by legacy apps, which was still around for compatibility.