Android O Improves User Privacy by Using Random Address for Wi-Fi Scanning & Limiting Device Identifiers
The latest version of Android – the Android O has been available as Developer Previews for a month now. The new version brings a variety of changes to the interface and today, in a blog post, Google revealed some other changes that have arrived.
Android O gives more power to the users, and they can now control the use of identifiers to keep their privacy intact. While this new privacy measure is not much noticeable but it does put a check on device identifiers and the user information that gets requested by apps. Apps will have limited access to device’s serial number while Camera and Bluetooth identifiers will no longer have it.
With this, Android ID (Settings.Secure.ANDROID_ID or SSAID) now carries different value for every app and user on the device. The ID value will not change even on package uninstall/reinstall until the package name and the sign-in information stays the same. Third-party developers would require user resettable Advertising ID.
Elaborating on the use of Android ID on Android O, Google writes:
- The ANDROID_ID value won’t change on package uninstall/reinstall, as long as the package name and signing key are the same. Apps can rely on this value to maintain state across reinstalls.
- If an app was installed on a device running an earlier version of Android, the Android ID remains the same when the device is updated to Android O, unless the app is uninstalled and reinstalled.
- The Android ID value only changes if the device is factory reset or if the signing key rotates between uninstall and reinstall events.
- This change is only required for device manufacturers shipping with Google Play services and Advertising ID. Other device manufacturers may provide an alternative resettable ID or continue to provide ANDROID ID.
Android O gives limited access to apps
However, the previous version of Android that will get upgraded to Android O, their Android ID will remain the same unless the user uninstalls the app. On the fundamental software level, Android O will generate a random MAC address when devices scan for Wi-Fi networks to join. It means that device’s information is limited and unnecessary requests are removed. Apps will no longer be allowed to access the list of accounts and other services installed on the device unless user grants the permission.
The MAC address randomization will only work if manufacturers update their firmware on Wi-Fi chipsets. Google’s Nexus 5X and Pixel phones will be the first devices to use this feature as Google will update its Wi-Fi chipset firmware to support. It means that other manufacturers will have to follow suit to extend the functionality on their devices running Android O.