What exactly is a GSF ID? Where do I get it from and why should I care?

Let’s first tick off the cursory answers real quick, so we are all on the same page:

  • GSF ID stands for Google Services Framework Identifier.
  • The GSF ID is a unique 16 character hexadecimal number.
  • Your device automatically requests a new one (if it doesn’t have one already) from Google as soon as you log your Google Account in on it for the first time.
  • The assignment is permanent. Once a GSF ID is registered to your account, you can’t remove it ever again (you can only stop using it).

In practical terms, a GSF ID is very similar to the number on the license plate of your car: It identifies your device uniquely, you can have several (one for each device in your possession) and it gets wiped from the hardware when you transfer ownership (given you do a factory reset).

Much like a license plate number, the GSF ID can be used for tracking you. In fact, that is exactly what the Android Device Manager service is all about: locating your phone and (if stolen) wiping just it and not the tablet you might have lying on your nightstand.

With Google Play, your GSF ID is used as a filing number for storing your device’s profile. A device profile is an elaborate description of your phone / tablet, listing hardware features, software versions, language options and even carrier information. Check out DummyDroid to see what can be included. The information provided through a profile is used by Play to only show apps in the search results that are compatible with your device. This is a double edged sword. On one hand it means you won’t be seeing camera apps if your smartphone does not have a camera, on the other hand, it also allows developers to limit app availability based on geographical location or carrier.

A GSF ID is also a privacy concern. In particular because you can only hide, but not remove hardware profiles from your account. In practical terms this might put you in hot waters if your better half (parent, guardian,…) discovers some flagship smartphone in there s/he has no knowledge of or locates you at some place you should not be in via Android Device Manager. Of course, by registering a GSF ID (and uploading a hardware profile), you also implicitly participate in market research (for example, the Google Play developer console provides statistics on what device models apps are installed) and naturally provide Google with selectors for targeted ads.

If Play is the only service you are really interested in using, then it is probably best to use the Raccoon apk downloader and a throw away account to get your apps.

Posted in Security