What’s the difference between the GSF ID and the Android ID?

There’s a little bit of confusion about the Android and the GSF ID which nets me the occasional support email. So I guess I’ll just explain the issue here for reference.

From the very beginning, Google had it in their mind that Android users should not be allowed to use their devices anonymously (privacy simply runs counter to their business model). For this reason, every phone was/is suppose to be assigned a unique identifier that stays valid for as long as the phone stays with it’s owner.

The first incarnation of this unique identifier was the Android ID, a total disaster that made you wonder if the responsible engineer was either drunk, a lunatic or just trying to cope with what was “designed by committee”:

  • The Android ID is part of the OS core (where it doesn’t belong to begin with). More precisely, it was put into the telephony subsystem, since that already dealt with other unique identifiers (you’d be surprised how trackable SIM cards are). Of course, this led to every app developer, who wanted to track users, to have his app ask for permission to access the telephone. To most users it was kinda confusing if, for example,  a pocket calculator wanted to make calls. The more tech savvy users pretty much knew they were dealing with a shady developer who had no concerns for user privacy.
  • The device randomly picks an Android ID itself when first set up (or after a factory reset). It is highly unlikely, but not impossible that two devices would choose the same ID.  Of course, that’s a no-go in all scenarios in which uniqueness must be guaranteed (e.g. e-commerce).
  • In fact, at least one handset manufacturer implemented the choosing algorithm the wrong way which resulted in all of his devices having the same “unique” identifier.
  • Android, under the hood, is a compatibility hell. Every new version redefines the inner workings of something. As far as the Android ID is concerned, it’s semantics got redefined when Android introduced multi user mode. Suddenly it was no longer a per device, but a per user identifier.

As the proverb goes: too many cooks spoil the broth. The (original) Android ID is beyond repair and pretty much useless in every context. Therefore Play uses what is called the GSF ID (Google Services Framework) which, apart from the privacy concerns, does everything correctly:

  • It is not part of the OS, but of the Gapps package (so you can choose not to be a number in the system)
  • The number gets assigned by a Google server when you first register an account on your device (so uniqueness is guaranteed).

Of course, the whole thing isn’t particularly well communicated/documented, so “Android ID”, “Device ID” and “GSF ID” are often used synonymously, even though they are completely different things.

As far as Raccoon and DummyDroid are concerned: you are always dealing with a GSF ID, never with an Android ID. However, in credentials.cfg , Raccoon (up to v3.4) still refers to the GSF ID as  “androidid” for historical/compatibility reasons. Hope that clears it up.

Posted in Android