Android is the most popular operating system in the world, boasting over 47% of market share. Unfortunately, its popularity also makes Android devices a common conduit for fraud, and it can be challenging to differentiate fraudsters from legitimate users — until you can confidently identify their devices, that is. 

A few techniques that were used to identify Android devices in the past were:

1. Hardware identifiers: Every Android device has several hardware identifiers, such as a MAC address or IMEI, which remain the same even when the app is re-installed or when the device is factory reset. 
2. Software identifiers: It is possible to fetch several identifiers such as ANDROID_ID and Google Services Framework ID (aka GSF ID).

However, these techniques have limitations. For example, the hardware identifiers can be retrieved programmatically only when the user grants permissions. In Android O, several changes were introduced to ANDROID_ID so that it could not be used as a unique device identifier. The GSF ID is also at risk of being discontinued in future Android versions.

This is why it is important to find alternate forms of device identification.

Why is device identification important?

From app downloads to logins to payments, the number of ways a malicious user can commit fraud is ever-increasing. A unique, stable, spoof-resistant device ID can help identify devices that are exhibiting potentially suspicious behavior. That’s why device identification is a must-have component in a mobile developer's toolkit.

What is device identification?

Device identification is a technique in which the device attributes are combined to produce an ID unique to every device.

The attributes used to identify a device come from various sources, including:

• Hardware properties, such as processor type, device model, battery information, etc.
• Software properties, such as the operating system, ANDROID_ID, etc.
• Network properties, such as timezone, geolocation, etc. 
• User behavior patterns, such as typing speed, gestures, etc. 

What is device intelligence? 

Device identification is the basis of device intelligence and plays a crucial role in identifying and flagging suspicious devices. Device intelligence platforms monitor and analyze numerous device attributes to detect suspicious behavior and signal potential fraud attempts. For example, Fingerprint collects and processes 100+ device and network signals to assign a unique ID for every device that interacts with your mobile app. 

This technology provides an additional layer of security on top of multi-factor authentication mechanisms. While a fraudster may be able to figure out different ways to obtain authentication codes (e.g., SIM swapping) and gain access to the owner’s account using a password and the stolen code, device intelligence stops them in their tracks because it also requires that the fraudster’s device also matches that of the owner. At the same time, if a previously recognized device is used, the user can bypass additional authentication requirements, resulting in a smoother experience. 

Supplementing your fraud detection and advertising efforts with device intelligence has several benefits, including: 

• Reducing fraudulent transactions
• Strengthening account security
• Decreasing friction for legitimate users and improving customer lifetime value 

Fingerprint’s device intelligence platform for Android

Fingerprint offers Fingerprint Identification SDK for Android to identify Android devices. The SDK, when integrated with your app, collects several attributes from the device. With the help of these attributes and additional algorithms, Fingerprint is able to provide a unique device identifier (i.e., visitorId) for every device on which your app is installed.

More importantly, this device identifier does not change even when the app is restarted or re-installed. For most devices, the device identifier remains the same even when the device is factory reset.

Along with a device identifier, the SDK also provides actionable device intelligence signals that help you to make informed decisions about the device. These signals could be used as input to your machine learning models behind your fraud detection or risk mitigation engines. For example, when you know that a request is originating from a rooted device or from a recently factory reset device, you will be able to take additional precautionary security steps (e.g., multi-factor authentication).

To learn more about how we identify Android devices and provide additional intelligence, try installing our demo app from Google Play Store. The demo app’s source code is open to everyone and available on Github.