In a previous article I had posted some information about how it is possible to spoof the Android ID that is returned when calling the Settings.System.Android_ID function. Though I had noted at the end of my post the following;
Note that this will NOT change the android id used by google products since they use one that is linked to your gmail account that the phone is associated with…
This bugged me a little bit because I wanted to know how the google applications where using and getting the android information - did they pull it directly from the hardware? Where they just using private API that was more secure? So after a little research, I found exactly what was going on, and again how it would be possible to spoof the id.
Essentially the google applications use googleapps to store the android id, this is the program on the phone named “com.google.android.googleapps”. This is a very interesting program that sadly developers do not have access to as of yet, though hopefully this will change shortly.
Anyway, this program is also susceptible to being force-fed spoofed values. The method is essentially the same as the previous one, though just performed on a different database. From within adb or the shell, do the following;
1 | $sqlite3 /data/data/com.google.android.googleapps/databases/accounts.db update system set value=’deadbeef0000badf00d’ where name=’androidId’; |
This program also store in that table the imsi number linked to the phone, for simcard tracking purposes.