March 1, 2021

Scraping the GSF ID off an existing device

One ID to rule them all, One ID to find them, One ID to bring them all and in the darkness bind them.

For this method, the device needs to be rooted and have ADB debugging enabled. The GSF ID is stored in an sqlite database, located in the private directory of the package. Become root, copy 🗋 /data/data/ to some accessible directory, e.g. 🗋 /sdcard/Download , then pull it off the device from there.

On a PC, use the sqlite3 binary from the Android platform tools package to extract the GSF ID from the database file:

sqlite3 gservices.db "select * from main where name=\"android_id\";"

NOTE: some Android ROMs natively contain the sqlite3 binary, in which case, copying and pulling the database file becomes unnecessary.

Wait! I wanted the GSF ID, not the Android ID?

Google is an advertising company that makes it’s money from targeted ads. The problem with showing targeted ads in a webbrowser is that the user can delete his cookies any time, pulling the rug out from under the tracking data’s feet. When Google came up with Android, they wanted the OS itself to include a “cookie” that can’t be deleted, except by factory resetting the device (if sold, the device’s new owner, of course, should get a fresh cookie).

The initial concept for this “cookie” is the Android ID (nowadays also called SSAID) and was an engineering disaster, as the device was/is suppose to roll it itself. Some custom ROMs deliberately hardwired it to 0 for privacy reasons and at least one major phone manufacturer (can’t remember which one) shipped a model with a software bug that accidentally prevented the device from rolling. On top of that, Google found other marketeers reaching into their cookiejar (pun intended), as virtually every ad supported app began requesting the android.permission.READ_PHONE_STATE permission (surprise!), drawing way to much attention and raising privacy concerns.

Eventually, Google moved the concept of the device cookie from the system ROM into the GAPPS suite, renamed it to GSF ID, made it Google private and server assigned. The OS still supports the old Android ID for backwards compatibility reasons (and sadly that’s not likely to ever go away), but Google’s own apps nowadays use the GSF ID instead. Both identifiers are 64 bit hexadecimal numbers and semantically equivalent to a point where the GSF ID may (falsely) be referred to as Android ID, because it is a drop-in replacement, but otherwise a completely different number.