What is the benefit of using this over the unique device ID? about fingerprintjs-pro-react-native HOT 5 CLOSED

Hello @SMJ93 ! Let me help you with the question from the Android side.

Couple of words regarding GSF_ID:

1. It is generated when users first time (after last factory reset) set up Google Services. Every subsequent log out and login does not change it. You can check it with your own device.

2. On Huawei devices or any other device with ROM without Google Services (pure AOSP, LineageOS etc.) GSF_ID is not available, it's true, but we still have a lot of others ways for identification than ANDROID_ID. You can check out our native Android OSS library. Its signals – is a subset of signals from the PRO version.

3. ANDROID_ID depends on PackageName, so it's changed when the app is repackaged (e.g. with using this app). We use identifiers that are not. For example the ID that is extracted from MEDIA DRM API (available in the OSS version) – it's way more stable than ANDROID_ID, and it's safe to use it agains app cloners. But it has its own troubles though. In the PRO version we are using all signals with knowledge of their properties to get the most unique and stable ID.

Hope it makes things more clear!

from fingerprintjs-pro-react-native.

Hi @SMJ93,

Since IDFV is only one of several signals we collect and send to our backend that contributes to the ID, we get additional accuracy on top of it. Lower reliance on IDVF makes our solution less likely to break completely if Apple decides to change the API (as the other product mentions in their README).

Furthermore, there are benefits that go beyond the data we send to the backend that make it way harder for someone to spoof anything, especially combined with our zero trust mode that will be supported after we release our next major version of our native iOS library (which should be very soon).

from fingerprintjs-pro-react-native.

Hello @SMJ93 !
Typically, one needs to use the identifier of the device in their server-side logic. It's quite common, tech-savvy users can tamper with your requests and identifiers. With this library and service, you can utilize our Webhooks or Server API functionality and verify if the provided data is consistent. Moreover, in the response's body, you can find additional valuable data such as IP, geolocation information, or timestamps that might be crucial for your antifraud decision making.

Regarding the specific implementation, for Android, we use stronger identifiers than the AndroidId. We use GSF_ID which is the same for all applications on the device.

Moreover, in the next minor version, we are going to add additional sources of entropy for even higher accuracy. The same applies also to the iOS platform.

Last, but not least, we take care of privacy restrictions and we will provide the same quality identifiers even if Apple and Google will restrict access to IDFV and ANDROID_ID.

from fingerprintjs-pro-react-native.

Hi @makma,

Thanks for getting back to me!

A tech-savvy user can also manipulate their IP, geolocation etc too.

The GSF_ID can be changed if a user factory resets their device, but also if the user messes with Google services. Which makes it weaker no?

Also more out of curiosity what happens if Google services isn't available on the device?

Cheers!

from fingerprintjs-pro-react-native.

Hey @Alexey-Verkhovsky, thanks for your detailed answer!

Can someone answer the questions from an iOS side please?

from fingerprintjs-pro-react-native.