Device identifier
The device identifier is a unique ID specific to one device.
The device identifier is part of the device profile that a device collector returns in JSON format.
For example:
{
  "identifier": "d50cdb5ce8d055a3-86bd35e1b975a14d76b40940112c2380264c8efd",
  ....
}
Android
Device ID generation
In Android, a static device ID is not possible.
- Static device ID: An ID that never changes, even during a factory reset or app re-installation.
- Instance ID: An app instance of the ID.
Instead of using a device ID, Android uses an instance ID. The instance ID provides a unique identifier for each app, or app group, instance.
Device ID generation algorithm:
- Generate a public/private key pair, and store the KeyPair in the AndroidKeyStore (Shared Storage).
- Hash the public key with SHA1.
- Encode with Base64.
- Compile the ANDROID_ID with the hashed public key.
iOS
Device ID generation
In iOS, FRDeviceIdentifier provides a unique identifier for each device that is defined in the same Shared Keychain Access Group.
This is similar to the DeviceIdentifier in Android.
FRDeviceIdentifier provides a secure mechanism to uniquely generate, persist, and manage the identifier.
Device ID generation algorithm:
- Generate an RSA key pair with key size of 2048.
- Persist RSA keys in the Shared Keychain Service.
- Hash the public key with SHA1.
- Convert the hashed data into a hex string.
To view code that shows how iOS generates the device ID, see FRDeviceIdentifier.swift.
When can the device ID change?
In iOS, the device ID is stored in the Keychain. This means the ID persists when the app is removed.
In iOS, the device ID is deleted or changes if any of the following occurs:
- The user wipes or factory resets the phone.
- The user obtains a new phone.
- The keychain is programmatically deleted from the phone.
- The device ID is programmatically deleted from the Keychain.
- The keychain identifier in the config forgerock_keychain_access_group changes.
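The iOS generation steps and the change conditions above, as an added Node.js example that is not the SDK's own code. The Map standing in for the Keychain, the slot and function names, and the choice to hash the DER (SPKI) encoding of the public key are assumptions; the page does not say which key encoding is hashed.

```javascript
// Added illustration, not ForgeRock SDK code.
const crypto = require('node:crypto');

const KEY_SLOT = 'device-id-keypair'; // hypothetical storage slot name

// Stand-in for the Shared Keychain: the ID lives exactly as long as this store.
function createStore() {
  return new Map();
}

// Steps 1-2: generate an RSA-2048 key pair once and persist it; later calls reuse it.
function loadOrCreateKeyPair(store) {
  if (!store.has(KEY_SLOT)) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
    store.set(KEY_SLOT, {
      // Assumption: the DER-encoded SubjectPublicKeyInfo is what gets hashed.
      publicDer: publicKey.export({ type: 'spki', format: 'der' }),
      privateDer: privateKey.export({ type: 'pkcs8', format: 'der' }),
    });
  }
  return store.get(KEY_SLOT);
}

// Steps 3-4: SHA1 over the public key, rendered as a hex string.
function deviceIdentifier(store) {
  const { publicDer } = loadOrCreateKeyPair(store);
  return crypto.createHash('sha1').update(publicDer).digest('hex');
}

// Walks the lifecycle: the ID survives while the stored key does, and changes once it is gone.
function demo() {
  const keychain = createStore();
  const first = deviceIdentifier(keychain);
  const afterReinstall = deviceIdentifier(keychain); // store untouched, same key, same ID
  keychain.clear();                                  // wipe or programmatic deletion
  const afterWipe = deviceIdentifier(keychain);      // new key pair, new ID
  return { first, afterReinstall, afterWipe };
}

console.log(demo());
```

Because the identifier is a digest of a stored public key, anything that replaces or removes the key pair yields a different ID on the next call.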
JavaScript
Device ID generation
In JavaScript, the browser’s crypto library generates the device ID.
The ID is stored in the browser’s localStorage.
To view code that shows how JavaScript generates the device ID, see index.ts in the forgerock-javascript-sdk repository.
When can the device ID change?
In JavaScript, the device ID is deleted or changes if any of the following occurs:
- The browser window creates the device ID while in "private" or "incognito" mode. Closing the browser removes the ID.
- The browser removes the ID when cleaning up old data to make room for new data.
- The browser is uninstalled and reinstalled. The ID is removed.
- The user removes the device ID by clearing the browser data.