Add multi-user and 'Instant App' use-case to the stability table - Githubissues

fingerprintjs / fingerprintjs-android

Swiss army knife for identifying and fingerprinting Android devices. MIT license, no restrictions on usage in production.

https://fingerprint.com/github/

MIT License

572 stars 83 forks source link

Add multi-user and 'Instant App' use-case to the stability table #51

Closed AndreasBoehm closed 2 years ago

AndreasBoehm commented 2 years ago

I tried the Playground app with different 'Users' on my device (https://source.android.com/devices/tech/admin/multi-user) and discovered that the GSF ID is not stable. ~The ID that stayed the same is the Media DRM ID, thats why i introduced stabilityVersion 4 that uses the DRM ID as the default id, if available.~

When fingerprintjs is run within an Instant App the GSF ID and Installed Apps fingerprint is not available at all. All other IDs and fingerprints are different from a regular app.

I ~also~ add this information to the stability documentation ~and updated the README.~

Alexey-Verkhovsky commented 2 years ago

Hello! Thank you for the feedback. The info about behaviour with multiple users is quite useful. But Media DRM ID is changing when packageName of the application changes. E.g. it will be different for different applications or if the application was cloned by AppCloner. For the most of the users GSF ID (which is similar across all apps, survives repackaging under normal, non-root circumstances) is more preferable and that's why it is the default one.

Alexey-Verkhovsky commented 2 years ago

Also there are issues on some Vivo devices when Media DRM ID is not unique.

AndreasBoehm commented 2 years ago

Hey @Alexey-Verkhovsky, good hint on the Media DRM ID. I reverted my code changes and only kept the update for the stability table.

AndreasBoehm commented 2 years ago

I will check if i have more additions for the table and re-open this MR

Alexey-Verkhovsky commented 2 years ago

Thank you for your effort!

AndreasBoehm commented 2 years ago

I added a new row 'Instant App' to the stability table

Alexey-Verkhovsky commented 2 years ago

How do you think, what is the reason of unavailability of identifiers for the Instant Apps? I've heard about breaking the PackageManager API, maybe this is also the case?

AndreasBoehm commented 2 years ago

I guess that it's a security feature that google is hiding some identifiers and the list of installed apps from Instant Apps to prevent tracking or other harmful things. Hiding apps from instant apps is described here: https://stackoverflow.com/a/48802575/2459067

Alexey-Verkhovsky commented 2 years ago

Got it, makes sense. We will research options for these kind of apps. Thank you! 💪