Restriction on non-resettable device identifiers
Starting in Android 10, apps must have the READ_PRIVILEGED_PHONE_STATE privileged permission in order to access the device's non-resettable identifiers, which include both IMEI and serial number.
Caution: Third-party apps installed from the Google Play Store cannot declare privileged permissions.
Affected methods include the following:
If your app doesn't have the permission and you try asking for information about non-resettable identifiers anyway, the platform's response varies based on target SDK version:
- If your app targets Android 10 or higher, a SecurityException occurs.
- If your app targets Android 9 (API level 28) or lower, the method returns null or placeholder data if the app has the READ_PHONE_STATE permission. Otherwise, a SecurityException occurs.
Note: If your app is the
device or profile owner app, you need only the
READ_PHONE_STATE permission to access non-resettable device identifiers, even if your app targets Android 10 or higher. Also, if your app has
special carrier permissions, you don't need any permissions to access the identifiers.
Many use cases don't need non-resettable device identifiers. For example, if your app uses non-resettable device identifiers for ad-tracking or user analytics purposes,
use an Android Advertising ID for those specific use cases instead. To learn more, see
best practices for unique identifiers.
