ForgeRock SDKs

Device identifier

The device identifier is a unique ID specific to one device.

The device identifier is part of the device profile that a device collector returns in JSON format.

For example:

{
  "identifier": "d50cdb5ce8d055a3-86bd35e1b975a14d76b40940112c2380264c8efd",
  ....
}

Android

Device ID generation

In Android, a static device ID is not possible.

Static device ID

An ID that never changes, even during a factory reset or app re-installation.

Instance ID

An app instance of the ID.

Instead of using a device ID, Android uses an instance ID. The instance ID provides a unique identifier for each app, or app group, instance.

Device ID generation algorithm:

  1. Generate a public/private key pair, and store the KeyPair in the AndroidKeyStore (Shared Storage).

  2. Hash the public key with SHA1.

  3. Encode with Base64.

  4. Compile the ANDROID_ID with the hashed public key.

When can the device ID change?

In Android, the device ID is deleted or changes if any of the following occurs:

  • An app is restored on a new device.

  • A user uninstalls or re-installs the app.

  • A user clears app data.

iOS

Device ID generation

In iOS, FRDeviceIdentifier provides a unique identifier for each device that is defined in same Shared Keychain Access Group.

This is similar to the DeviceIdentifier in Android.

FRDeviceIdentifier provides a secure mechanism to uniquely generate, persist, and manage the identifier.

Device ID generation algorithm:

  1. Generate an RSA key pair with key size of 2048.

  2. Persist RSA keys in the Shared Keychain Service.

  3. Hash the public key with SHA1.

  4. Convert the hashed data into a hex string.

To view code that shows how iOS generates the device id, see FRDeviceIdentifier.swift.

When can the device ID change?

In iOS, the device ID is stored in the Keychain. This means the ID persists when the app is removed.

In iOS, the device ID is deleted or changes if any of the following occurs:

  • The user wipes or factory resets the phone.

  • The user obtains a new phone.

  • The keychain is programmatically deleted from the phone.

  • The device id is programmatically deleted from the Keychain.

  • The keychain identifier in the config forgerock_keychain_access_group changes.

JavaScript

Device ID generation

In JavaScript, the browser’s crypto library generates the device ID. The ID is stored in the browser’s localStorage.

To view code that shows how JavaScript generates the device ID, see index.ts in the forgerock-javascript-sdk repository.

When can the device ID change?

In JavaScript, the device ID is deleted or changes if any of the following occurs:

  • The browser window creates the device ID while in "private" or "incognito" mode. Closing the browser removes the ID.

  • The browser removes the ID when cleaning up old data to make room for new data.

  • The browser is uninstalled and reinstalled. The ID is removed.

  • The user removes the device ID by clearing the browser data.

Copyright © 2010-2022 ForgeRock, all rights reserved.